Rook Uncut: Top Information Security Threats on College Campuses

Welcome to “Rook Uncut,” a blog series that features common questions frequently posed to our security experts. With new data breaches or information security concerns making headlines each day, Rook is often approached by peers, friends, family, and the media to provide insight. Rook Uncut gives you our experts’ quick and raw answers to security questions. Be sure to check back for more of Rook Uncut!

Luke Klink, Security Consultant Team Lead answers some questions about IT security on college campuses.

Q: In your opinion, what are some of the top issues, other than data breaches, that face college campuses today?

A: Risks on college campuses can vary based upon the maturity level of the school’s IT and IT Security environments. Colleges that have defined and implemented layered controls to ensure faculty, students, and guests are contained to pre-authorized network locations and information assets stand a far greater chance to mitigate risks to their environment.

Q: What is happening that creates these particular risks?

A: When implementing IT security controls, often overlooked are physical security controls. Access must be prevented to areas that contain critical or sensitive systems and networks. If Wi-Fi access is controlled through credentials, yet an individual can access a printer, pull the network cable and attach directly to the LAN. Is there an authentication step to that network segment to ensure they are authorized to be on that network segment? Ensure system and user access is well-defined and monitored to prevent these physical security risks.

College is a great place to prepare for your chosen career, but can also provide a gateway to the “dark-side” of the Internet. Fast and free network access is a nice perk and can provide the avenues to easily explore and master skills associated with malicious activity and scams in effort to make a few bucks for the upcoming weekend’s social activities. However, some of these activities may get you dismissed before you earn that degree. Early security awareness and education is critical to ensure network users are aware of the proper use and potential risks of the college network.

Q: What can be done to help decrease these security concerns/risks?

A: Schools need to ensure the networks they are providing are secure. Just installing firewalls, anti-virus, and requiring authentication doesn’t make you secure. The controls must be defined by a strategy to effectively mitigate identified risks and provide the necessary VISIBILITY. INTELLIGENCE. RESPONSE.® capabilities to improve risk response.