If you’re responsible for IT security at a school, college or university, I don’t envy you. You have a tough job.
Not only do you need to keep out the usual external threats like viruses, trojan horses, hackers and the like from your network; you need to ensure that you protect against students’ own blasé attitude towards IT security.
The stats say it all
It’s not just a myth — students are security lax. Research from our study of insider threat personas, shows that 66% of youngsters aged 16–24 have shared a password with someone else at least once — compared with just 30% of those aged 55+.
And password sharing isn’t just a one-off for students either. Over a third (35%) of youngsters aged 16–24 say at least one person has their login details for one website or another — compared with just 11% of those aged 55+.
Students – a difference in attitude!
Students often don’t see password sharing as a problem; in fact it has been seen to become a trend in behaviour. Indeed, the ‘millennial’ generation have been known to see password sharing as a sign of affection — a bit like giving a set of house keys to a partner. As is the case with most things in life, you learn from mistakes, and many people aged 16–24 may not have faced serious consequences from giving their password to somebody… Yet.
The concerning knock-on effect of this behaviour is that students often take this relaxed view of security into the workplace, where they may have access to sensitive information on the company network. While at school or uni, students may have been putting their own confidential data at risk, now they’re putting their employer’s. A risk no company wants.
Companies are at least, however, aware to the threat of young professionals when they join the workforce. In our Insider Threat Peer Report, we interviewed a number of senior IT professionals who were willing to discuss their company’s own internal IT security — a rare treat, simply because most organisations don’t want to talk about how they keep their digital assets safe.
In the report, when asked who posed the greatest security threat to their company. Hinne Hettema, IT security team lead at the University of Auckland, said: “Postgraduate students. They have elevated access to our systems, but at the same time, still behave as students.”
John Giordiano, IT manager at The Scenic Route, also made an interesting point: “I find that older users, although more paranoid about threats, don’t comprehend the scope of being secure and will forget simple things. Whereas the younger crowd can comprehend the scope of being secure but tend to blindly trust new technology because it comes in a shiny package.”
Speed is key – a move away from obstructing your students
John also states: “Older people tend to disregard security measures because they don’t fully understand, and younger people tend to disregard them because it slows them down.”
Today’s youngsters have grown up in a digital age where access to information is near instant, just a moment away with the touch of a smartphone. They expect to be able to operate at the fast pace they’re used to at school, university and at work. And John isn’t the only person who mentioned speed in our report. If your security measures slow them down, they risk causing frustration, which can cause students or employees to find ways to circumvent those measures.
Dylan, an IT manager of a company he didn’t want to disclose said: “Generally users don’t like anything that takes time. Either implement a security solution that they don’t notice or that gives them no choice but to obey procedures.”
The tech-ed solution
The academic environment is very different to the workplace environment. The culture of education promotes the freedom to exchange ideas and access information instantly for the benefit of learning. IT teams must find an appropriate way to balance these access values that define education while protecting and safeguarding data and information systems.
IT security education is key to this balance. But when educating students about IT security, talk to them in a language they’ll understand. We’ve mentioned that they might share a password like a set of house keys, but you wouldn’t just leave your keys lying around. Do that and you risk someone stealing your beloved games console, laptop or smartphone.
And while lending front-door keys to a friend might seem relatively safe if you get those keys back, once you give a password to a colleague, they can access your files whenever they like until you effectively change the locks by changing your password. The more people that have a copy of your keys, the more likely you’ll be burgled.
There are also plenty of security solutions available for you to back up user education. With real-time monitoring, risk indicators, policy rules and a complete view of network activity, it’s possible for you to:
- Detect suspicious access, and alert students and administrators automatically to login anomalies.
- Manage and secure mobile students, whether they’re on laptops, tablets or smartphones.
- Restrict and monitor access to sensitive files so students can only access the files and systems they need.
- Restrict concurrent logins, eliminating the possible windows in which unauthorised users can access sensitive information.
With a mixture of technology and effective IT education, it’s possible to keep serious security breaches at bay. Securing the network — and making your life easier as an IT manager — doesn’t have to seem an impossible task.