Balancing Open Access and Cybersecurity in Higher Education

Published July 15, 2024
by Dave Stenger
Balancing Open Access and Cybersecurity in Higher Education

Higher education institutions face the challenge of addressing accessibility and cybersecurity within the framework of public sector cybersecurity. As institutions aim to provide accessibility to educational resources and services, they must concurrently ensure sensitive data is protected against cyber threats. Higher education cybersecurity often faces the challenge of establishing proper security measures that protect schools and students without hindering the ability to freely exchange information. This balancing act is crucial for maintaining the safety and privacy of the academic community, as well as upholding the principles of openness and accessibility critical to colleges and universities.

Understanding the Threat to Cybersecurity

According to research by Malwarebytes’ ransomware specialist, Marcelo Rivero, 2023 was the worst year of ransomware attacks for the public education sector, despite the victims not paying a ransom. His report showed a 70% increase in ransomware attacks against higher education from 2022 to 2023. Similarly, The State of Ransomware in Education 2023 report by cybersecurity provider, Sophos, revealed that nearly 80% of higher education providers reported being hit by ransomware in the last year, up from 64% in the previous year’s survey.

Higher education institutions face endless cyber threats with potentially severe consequences. The vast amount of sensitive data on students and staff, ranging from financial and medical records to research data, amplifies the importance of higher education cybersecurity. Moreover, the interconnectedness of campus networks and the diverse array of users, contribute to the complexity of the security. 

 

Understanding The Challenge of Accessibility

Higher education thrives on a culture of transparency, collaboration, and information-sharing, all of which digital technology significantly enhances. To support the free flow of information, higher education cybersecurity must be balanced with accessibility, whereas most other sectors would prioritize security and restrict access. 

In colleges and universities, open networks and systems are crucial for many research projects, as they facilitate data sharing and collaboration with peers across different universities and research institutions. However, managing access to these networks without hindering academic freedom and collaborative opportunities, can be complex. Additionally, unlike most industries that can restrict physical access to their premises, campuses, and libraries can be physically accessed by visitors who interact with the institution’s networks and systems. 

Striking the Balance

Navigating the dual responsibilities of maintaining strong higher education cybersecurity while ensuring open access to academic resources, is a significant challenge for higher education IT leaders. Effective strategies that harmonize these priorities include focusing on inclusive security designs, adaptive access controls, digital accessibility, and protective measures that consider all users’ needs.

Inclusive Security Design

Inclusive security design ensures that higher education cybersecurity measures are effective, equitable, and accessible to all members of the institution, regardless of their abilities or backgrounds. This approach involves applying universal design principles to cybersecurity measures to ensure they are accessible to all users, including those with disabilities. 

For instance, when implementing multi-factor authentication systems, higher education institutions should provide alternatives like biometric verification and security keys, which accommodate a broader range of needs. Furthermore, establishing feedback systems for users to report accessibility issues with security measures ensures these systems are continually refined and improved.

Adaptive Access Controls

Adaptive Access Controls (AAC) are a dynamic approach to managing and granting access to network resources based on real-time assessments of risk associated with a user request. This method contrasts with traditional static access controls, which apply the same security measures to all users regardless of context. AAC is particularly important in the complex environment of higher education institutions, where users require varying levels of access to resources based on their roles, locations, device security, and other contextual factors.

Flexibility in access controls can significantly enhance higher education cybersecurity without restricting access. Contextual authentication intensifies security protocols during high-risk activities without imposing standardized restrictions across all scenarios. Additionally, customizable access levels can be tailored to meet users’ specific needs and privileges, including those relying on assistive technologies. Implementing systems that allow temporary adjustments in access rights can also accommodate specific academic needs or projects, adding another layer of flexibility.

Promoting Digital Accessibility

Promoting digital accessibility in higher education cybersecurity ensures that all digital resources, systems, and services are accessible to every individual, including those with disabilities. Institutions must find a delicate balance where security protocols are resilient enough to protect sensitive information but also flexible enough not to exclude or create barriers for users with disabilities. This balance is critical to ensure that security enhancements do not impede usability. 

Regular accessibility audits of cybersecurity tools and protocols help maintain compliance with standards such as the Web Content Accessibility Guidelines (WCAG). Including digital accessibility training in cybersecurity education programs for students and staff ensures that all community members are aware of and capable of maintaining these standards. By involving diverse stakeholders in developing and reviewing cybersecurity policies, this fosters more comprehensive and inclusive strategies.

Data Protection with Accessibility in Mind

Protecting sensitive data is a priority for any institution, but the protection methods must not exclude any group of users. Data protection with accessibility in mind focuses on safeguarding sensitive information while ensuring these protective measures do not restrict access for users based on their physical or cognitive abilities. Encrypting data in ways that do not affect its accessibility allows all authorized users to access the information they need. Data loss prevention (DLP) systems should be designed to secure sensitive data while allowing legitimate educational and research activities. Through ensuring backup and recovery systems are accessible to all users, it facilitates swift restoration of services without additional barriers, maintaining the continuity of educational activities. 

 

RAMPxchange Supports the Cyber Mission of Higher Education

The cyber goals of public education include creating a resilient cybersecurity infrastructure that supports the collaborative educational mission, rather than constraining it. By implementing adaptive and thoughtful cybersecurity strategies, higher education institutions can safeguard their communities and invaluable assets while maintaining transparency and accessibility.

Higher education can find proven cybersecurity solutions and service providers to address the challenges of their sector in the RAMPxchange cybersecurity marketplace. The active cyber leaders among the RAMPxchange membership have the public sector experience and independent certifications to become trusted cyber partners of colleges and universities. Reach out to a RAMPxchange representative today to learn more.