{"id":13514,"date":"2026-01-08T10:59:16","date_gmt":"2026-01-08T16:59:16","guid":{"rendered":"http:\/\/theedublogger.edublogs.org\/?p=13514"},"modified":"2026-01-09T01:44:25","modified_gmt":"2026-01-09T07:44:25","slug":"security-higher-education","status":"publish","type":"post","link":"https:\/\/www.theedublogger.com\/security-higher-education\/","title":{"rendered":"Security Awareness In Higher Education"},"content":{"rendered":"\n<p>Cybercriminals have firmly set their sights on higher education.<\/p>\n\n\n\n<p>According to the <a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2025\/cyber-security-breaches-survey-2025-education-institutions-findings\">2025 UK Cyber Security Breaches Survey<\/a>, about 91% of higher education institutions identified a cybersecurity breach or attack in the past year, much higher than the ~43% of UK businesses that reported the same.<\/p>\n\n\n\n<p>This is no surprise: personal data (of everyone from alumni to staff to faculty), academic research, and cross-institutional records make attractive targets for hackers.<\/p>\n\n\n\n<p>Several cybersecurity incidents have been publicly announced by higher-education institutions, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A University of Maryland database breach targeting the university\u2019s network revealed the records of 287,570 affiliated personnel, students, faculty, and staff<\/li>\n\n\n\n<li>A hack of UCLA\u2019s health system may have exposed records of more than 4 million patients<\/li>\n\n\n\n<li>A 2023 ransomware attack on the University of Manchester resulted in the theft and public leak of sensitive staff and student data after the university refused to pay the ransom<\/li>\n<\/ul>\n\n\n\n<p>The information at risk is often that of young individuals laying the foundation for their education and professional lives. Imagine a hacker with access to your Social Security number while you\u2019re still 18. How could that disrupt your ability to get a loan, buy a car or get a job? A decade later, what would happen when you apply for a housing mortgage?<\/p>\n\n\n\n<p>Colleges and universities find themselves locked in a costly arms race as they try to install new tools and modify their tactics to mitigate the latest cyber attacks. However, the attackers continue to switch schemes, find ways around the tools, and hit different victims.<\/p>\n\n\n\n<p>In other words, technological defenses can only go so far. No matter how versatile an institution\u2019s cybersecurity software may be, its end users lead the line of defense during an attack.<\/p>\n\n\n\n<p>That\u2019s where security awareness comes in.<\/p>\n\n\n\n<p>Awareness often takes a backseat due to the busy lives of faculty, and hectic schedule of students. However, it\u2019s important to educate faculty, students, and staff about security awareness if higher education wants to stand a chance against digital crime.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Can Higher Education Institutions Do to Raise Awareness?<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"499\" src=\"https:\/\/www.theedublogger.com\/files\/2018\/07\/academy-1n7umir-1kssn9c.png\" alt=\"\" class=\"wp-image-13536\" srcset=\"https:\/\/www.theedublogger.com\/files\/2018\/07\/academy-1n7umir-1kssn9c.png 1920w, https:\/\/www.theedublogger.com\/files\/2018\/07\/academy-1n7umir-1kssn9c-250x65.png 250w, https:\/\/www.theedublogger.com\/files\/2018\/07\/academy-1n7umir-1kssn9c-768x200.png 768w, https:\/\/www.theedublogger.com\/files\/2018\/07\/academy-1n7umir-1kssn9c-1080x281.png 1080w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/figure>\n<\/div>\n\n\n<p>Security is a success-driver when done right, and a considerable risk with potentially devastating consequences when it fails.<\/p>\n\n\n\n<p>Here are five ways higher education institutions can raise awareness on security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Simulated Phishing Exercises<\/h3>\n\n\n\n<p>Students, faculty, and staff can be educated on security via simulated phishing.<\/p>\n\n\n\n<p>Universities can build phishing campaigns in-house, where IT can send out fake phishing emails with embedded links. Anyone who clicks on any of the links is redirected to a web page that informs them of the simulation exercise and provides further security-related information.<\/p>\n\n\n\n<p>Alternatively, institutions can <a href=\"https:\/\/www.infosecinstitute.com\/securityiq\/\" target=\"_blank\" rel=\"noopener\">partner with organizations<\/a> who offer phishing simulations in the form of videos, modules, and games. Most vendors will be able to customize awareness training to fit the needs of several types of institutions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Data-Sharing Lectures<\/h3>\n\n\n\n<p>Students and faculty members share a variety of personal data through apps and other online services. Specific apps ask to access or use far more data than they need in exchange for free services, and some of them are designed by adversaries who are looking for gateways into institutions.<\/p>\n\n\n\n<p>Personal data can be used to guess passwords and gain access to a device that may contain sensitive data about a college or university. Therefore, lectures should be arranged about data sharing via mobile apps and social networking sites, where the focus should be on reading user agreements to check the amount of data requested before someone downloads a new game or tries a new service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Incentives<\/h3>\n\n\n\n<p>Incentives can help boost behavior changes, and industries have turned to using awards to make security-awareness education more interesting.<\/p>\n\n\n\n<p>For instance, schools may award prizes to students, faculty, and staffers who flag a vulnerability, while the IT department may compete for a monetary reward based on who can identify the most security threats.<\/p>\n\n\n\n<p>On the flip side, those who engage in unsecured browsing and device usage behavior will hear about it too. In fact, incentives may encourage staffers to take their institution&#8217;s security seriously and become part of the first line of defense against attackers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Institution-Wide Security Hygiene<\/h3>\n\n\n\n<p>Everyone from students to external stakeholders should be educated on the significance of security hygiene.<\/p>\n\n\n\n<p>Colleges need to start enforcing an acceptable-use policy, where all devices and workstations are locked down by stakeholders and signed out when they\u2019re inactive. Training programs should be set up to educate end users about the importance of strong passwords and timely updates of devices\u2019 operating systems.<\/p>\n\n\n\n<p>Research what individuals require and create baseline rules for essential security controls that should be followed at all times. Students can also be asked to access university applications through a secure portal that keeps data secure and doesn\u2019t place restrictions on student-owned devices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Executive On-Campus Sponsorship<\/h3>\n\n\n\n<p>Get buy-in from campus leaders to ensure that a culture of security spreads through an institution. Top individuals, like the president of the student union, can be tasked with the executive responsibility to drive awareness and keep things on track, and they should report to the upper management directly.<\/p>\n\n\n\n<p>This will give institutions the best opportunity to ensure that their security goals are balanced with other risks, like lack of student interest. To keep interest high, campus leaders can arrange events like a \u201csecurity awareness day\u201d with activities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1050\" height=\"273\" src=\"https:\/\/www.theedublogger.com\/files\/2018\/07\/seccurity2-tv715v-2481e4q.jpg\" alt=\"\" class=\"wp-image-13535\" srcset=\"https:\/\/www.theedublogger.com\/files\/2018\/07\/seccurity2-tv715v-2481e4q.jpg 1050w, https:\/\/www.theedublogger.com\/files\/2018\/07\/seccurity2-tv715v-2481e4q-250x65.jpg 250w, https:\/\/www.theedublogger.com\/files\/2018\/07\/seccurity2-tv715v-2481e4q-768x200.jpg 768w\" sizes=\"auto, (max-width: 1050px) 100vw, 1050px\" \/><\/figure>\n<\/div>\n\n\n<p>Security awareness offers several key benefits to higher-education institutions. It helps them facilitate behavioral change to mitigate potential risks, comply with laws, and reduce unnecessary cost.<\/p>\n\n\n\n<p>However, instead of relying entirely on information-security professionals to prevent infiltration and minimize vulnerabilities, institutions should bank on the persons within to learn and digest new information about security.<\/p>\n\n\n\n<p>By taking the measures mentioned above, schools will be in a better position to create a culture of continuous learning and security awareness.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Higher education institutions are at risk of cybersecurity incidents and data breaches. This post outlines five ways higher education institutions can raise awareness on security&#8230;.<\/p>\n","protected":false},"author":11293994,"featured_media":13534,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[1723],"tags":[1750,546194,11672,3689,619,1747],"coauthors":[210693813],"class_list":["post-13514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-professional-learning","tag-colleges","tag-cybersecurity","tag-data","tag-higher-education","tag-security","tag-universities"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/posts\/13514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/users\/11293994"}],"replies":[{"embeddable":true,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/comments?post=13514"}],"version-history":[{"count":8,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/posts\/13514\/revisions"}],"predecessor-version":[{"id":19584,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/posts\/13514\/revisions\/19584"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/media\/13534"}],"wp:attachment":[{"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/media?parent=13514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/categories?post=13514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/tags?post=13514"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.theedublogger.com\/wp-json\/wp\/v2\/coauthors?post=13514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}