NACUBO Logo National Association of College and University Business Officers Protection From Cyber Attacks
Membership and Community Business Topics Government Relations Research Bookstore Career Heaquarters Professional Development News and Updates About NACUBO
 

My NACUBO
Join NACUBO
Login

Site Map
Contact Us
Home > Business Topics > Technology > Cybersecurity > Protection From Cyber Attacks

Protection From Cyber Attacks

Print Version

Excerpted from Mission Continuity Planning in Higher Education: Strategically Assessing and Planning for Threats to Operations.

The following 12 steps can be used as a guide to protecting computer systems and networks from cyber attacks. While taking these steps won't totally eliminate the possibility of cyber attacks, they will provide reasonable assurance that the damages from such attacks will be minimized.

  1. Review the policies and procedures relating to employees' and vendors' access to all computer systems and networks.
  2. Define and identify every user groups' access to the system, and review the business justification for the access. This involves reviewing the access levels of all employees.
  3. Develop mechanisms to enforce the policies and practices already in place.
  4. Make sure that the computer systems maintain a record of all user logins. In addition, the system should retain a backup copy of these records, preferably in separate hardware.
  5. Create an adequate separation of duties among all system operators, programmers, and network administrators.
  6. Establish a systematic process to periodically review the latest technology in computer security, and determine whether they are appropriate for the operations. Sometimes, installing security patches provided by manufacturers can effectively protect against almost all known security breaches.
  7. Employ a system that forces users to change their passwords periodically. Moreover, passwords should be of a minimum number of eight characters, and the system should store several prior passwords and not accept them again if a person tries to reuse the old password as a new one.
  8. Create a procedure that will systematically review updates on the sources of the latest cyber attack. These updates can be obtained from the FBI's National Infrastructure Protection Center (www.nicp.gov), the InfraGuard forum (www.infraguard.net), and Carnegie Mellon University's CERT Coordination Center (www.cert.org).
  9. Establish procedures to perform data backup of all systems on a frequent basis. In addition, create provisions for off-site storage of all critical data in a secure location.
  10. Make sure that computer systems are adequately protected against electrical problems such as power outages and surges.
  11. Institute security audits using unbiased and competent personnel-the internal auditor or third party--and implement all reasonable recommendations from these audits.
  12. Review termination procedures and take appropriate steps when employees are reassigned or separated from the institution, ensuring that their access to the system is revoked.

  Powered by Ingeniux		 © National Association of College and University Business Officers.
All rights reserved.