Today’s colleges and universities are called on to provide an increasing variety of services beyond research and teaching. Students and families expect tutors, residences, athletic facilities and other supports. At the same time, college leaders are competing for the best students and grants. A lean, highly efficient administration is critical to attracting students, faculty, and funding.
When it comes to security, nobody has the patience for the “absentminded” professor mentality. The academic staff knows that grades, student health records, and complex research must be protected. When faculty, students, and staff can operate in a safe environment, they are better able to focus on their responsibilities.
1. Find security automation solutions.
In comparison to banks and other large companies, colleges have limited resources to address cybersecurity concerns. It is critical to automate and streamline security administration as much as possible. In fact, your college may have a decentralized approach to identity management. Each department and faculty may have certain systems and applications to administer. To make life easier, consider using Avatier as your college’s identity management solution.
Tip: Implementing a new security process at your college may prompt questions. Consider organizing a few “lunch and learn” training sessions on campus to show what is required. To increase buy-in, emphasize how the new process will reduce manual security processes and paperwork.
2. Set security expiration dates for all users.
In the college environment, new students, fellows, and contract hires arrive and depart each year. In that dynamic environment, controlling security becomes difficult. Instead of granting security access on an unlimited basis, issue access for a time-limited basis. As a default approach, we recommend reviewing security access and permissions annually. For high-risk roles such as finance and IT, review access every six months.
If your college already has a security expiration date policy in effect, it is time to evaluate the policy. Ask your internal audit or IT group to randomly select a set of users and check whether their access permissions are correct. You will probably be surprised by what you find: carelessness and system malfunctions may reveal you have security issues to address.
Resource: Interested in updating your college’s security procedures? Review the University of Florida’s Checklist for End User Roles for Security, which outlines a strong step-by-step process to guide users through their work.
3. Assess your card access program.
Key cards are a popular way to restrict access to sensitive facilities and departments. If your institution has expanded rapidly, your key card program may not have kept pace. High Point University has added hundreds of acres of space, much of it distant from the main campus. To address this growth, High Point has more than 500 card access doors. Further, High Point plans to expand to 1,000 card access doors shortly.
Tip: Avoid issuing “master access cards” that permit access to multiple buildings whenever possible. If such an access card falls into the wrong hands, mischief and worse may occur.
4. Factor security funding into external funding requests
Does your college regularly seek out grants and outside funding sources? Landing such funding has the potential to break new ground in research. According to MSN: “The principal funding source for Johns Hopkins University, Georgia Institute of Technology, Pennsylvania State University, and the Massachusetts Institute of Technology — is the Department of Defense.” The U.S. Department of Health and Human Services is another source of federal funding for many colleges.
What do health and national security have in common? Both are highly regulated areas subject to public scrutiny. If your college expects to receive federal funding, you must run a professional institution. Federal administrators want to know that public funds given to colleges will be tracked and securely managed. If your college has a robust security framework, that may be just what you need to win more grant funding.
Further reading on security for colleges and universities:
Many colleges and universities have large, well-developed IT systems. As a result, several institutions have published their security policies and procedures. To validate your institution’s approach to security, explore these resources:
- University of Florida’s Checklist for End User Roles for Security
- Ed Finkel, Campus Security Moves to the Fore at Colleges and Universities, Security Magazine, October 1 2016
- MSN, The 20 universities getting the most money from the federal government, April 6 2017
