Cybersecurity is a large topic that can easily become overwhelming. However, as the college retail industry evolves, it is important that you do everything you can to protect students and your store from cybercrime. Recently, we sat down with Dr. Pam Rowland, assistant professor at Dakota State University in Cyber Security, co-director of the Center of Excellence for Information Systems and the director of the CybHER Institute, to discuss what college stores can do to protect themselves against cybersecurity threats.
With the recent news about the arrest and extradition of two individuals that targeted 130-140 universities with phishing emails, how seriously do college stores need to take cybersecurity?
College store employees need to take cybersecurity very seriously. From a risk assessment standpoint, a data breach must be the top concern. If you have data, there is a risk that someone is going to try to breach your data. College and university IT departments have a heightened awareness of this, and they work hard to make sure that data is protected, but every individual on campus needs to do their part, too.
What is the first step a college store should take to improve its cybersecurity?
Security begins with you and your awareness. It’s important to not get complacent. We get so busy and it’s hard to keep up with everything we have to accomplish. I really encourage all your employees to go through cybersecurity training — from work study positions all the way up to the administration of your bookstore.
What else can the college store do?
Multifactor authentication is becoming very important. Consider joining security discussions on your campus. When security risks are discussed, you can ask questions about MF authentication. Also, continue to be aware and seek opportunities to learn. By taking part in teams that ask those tough questions and solve those tough problems, you help ensure your store’s data is secure.
It is also important for college stores to be open to implementing new measures. We must constantly change. This isn’t a field that will stay stagnant for a year or two years. We have to update our systems and security measures frequently. As individuals, make sure you update your system when directed by you IT department or software supplier.
What can college store employees do to help protect the store from cyber-risks?
The people who work in your collegiate store need to be focused on what they can do as an individual. As I said, they need to go to training and take these things seriously. I know we all get really busy, but there are some basic steps we can take to help ensure better cybersecurity.
- Change your passwords. I know it isn’t always convenient to remember a new password, but it does make a difference to have a strong password. We’ve all been hearing that message for years and years and years, but truly a large number of people don't take the time to create a new, strong password.
- Be aware enough to spot phishing emails. Training can help a lot with this. There are a ton of very sophisticated phishing emails. You will eventually get them in your inbox no matter how good your firewall is and no matter how good your IT department is. Just having that awareness to not click on a link even though it appears to be coming from the president of the university or whoever. Even if it looks very legit, be really cautious and don’t be too fast to click.
Take a moment and analyze the email and link. Look at the email address. Is it from an university email address or a Google or Hotmail address? Pay attention to things like that. Also, pay attention to the content. Are there misspellings? Does the content make sense? Would this really be coming from the president of your university? If there are ever questions, the best thing is to send it to your IT department and let them decide if it is legit. Nothing is so urgent that you must click on it right now. Take the time to investigate - Have anything you download onto your system checked by your IT Department. Sometimes, we come across a new program that we want download because it's useful to our workload. Maybe the program would help make your work more efficient and save time. Before you download the program, pass it by your IT department. Have them look at it for vulnerabilities so you aren’t downloading something that could affect the system as a whole.
It is completely understandable that we as individuals look for things that are going to make our work more productive, but take the time to make sure that the software is safe for your system. That actually happens often, where programs have vulnerabilities or malicious code attached to them that could potentially compromise your system. At a university, our systems are part of the network, so everything is connected.
It is good to keep security in the front of our minds. Individual security is what’s going to help secure your organization as a whole. Training employees to be cautious and aware is key to securing your store. Obviously, your IT department will do its job, but we as individuals need to help.
