Life on a college campus changes in the Fall.
In a way, just like the seasons, life in higher ed is very cyclical, and the beginning of the semester is one of excitement. It also ends a busy season for the IT group, which is commonly known to all others as “summer break.”
Much of the major work for IT and the security team must be done while the students are not on campus, so summer and January are critical times. I know that this may be counter-intuitive to those who think we have the summers off, but when you look at it pragmatically, it makes perfect sense. We cannot get in the way of the teaching and learning!
I especially look forward to October. Each year as October approaches it brings a distinct feel to my role as a security officer on a college campus. We all enjoy it when the colors begin to appear on the trees, the days slowly begin to get cooler, and the sounds of the Fall sports are heard all over campus. However, I look forward to October for a specific reason: our annual campaign in support of National Cyber Security Awareness Month.
We take National Cyber Security Awareness Month (“NCSAM”) seriously here. We’ve been making this an awareness priority for 11 years, and are listed as an NCSAM Champion with Stay Safe Online. Our campus expects to be hearing a security message each year, and we try not to disappoint.
There are those who believe that awareness efforts are a waste of time and resources, as the return is not worth the effort. In many ways this could be true. However, when done right, a small amount of security funding can make a proportionally larger impact on your user base. It makes sense to raise awareness using methods that resonate, and NCSAM helps us in this regard.
October is a chance to get our message out with a theme that is catchy and memorable, and focuses on either a new security initiative, or an area that is in need of improvement. Through brown bag discussions, security message quizzes, ads in the daily campus paper, and weekly and monthly prizes as incentives, we have a chance to raise broad awareness across campus for 31 consecutive days. Of special note is our movie nights (free popcorn!) with security-focused content, and Q&A afterwards with prestigious panels of experts.
All of these efforts give the campus an opportunity to see the security group, to meet us, to dialogue with us, and to get to know us personally. They learn that we are on their side, and that we understand their issues as students, faculty or staff. Afterwards, they can follow us on Twitter to get breaking security and privacy news that is important to them, in a way that they are comfortable with.
Does this have an impact on our baseline security posture and performance? It is hard to say. However, we do know that we have touch-points with thousands of the people we support and protect. It is an easy assumption that awareness is certainly increased, members of the campus have more security information that they can use, and risk is reduced to our university.
That’s why I look forward to October.