When it comes to protecting data on campus, the college president needs to set the tone, but ultimately, the entire campus community needs to be proactive in preventing cyber attacks.

Community colleges need to take cybersecurity as seriously as they take physical security issues, says Lee Petry, director of the Workspace One SET Team, government, education and healthcare, at cloud computing company VMWare. “If there is an active shooter on campus, there are policies, and you’ve trained your students and staff. What do you do for your data?” he says. “Have you updated your plan? What is your plan to secure your data? Do you have firewalls up? Do you have password protection? More often than not, there is no plan.”

James Henningsen, president of the College of Central Florida in Ocala, says two-year colleges need a culture in place that understands the importance of data protection at the highest levels and throughout the management team. “The culture has got to be set by the president,” he says.

Executives need to ensure that the right policies and procedures as well as communication channels are in place to keep up with cybercriminals, Henningsen says. “Hackers are developing new strategies every day, and security people are developing countermeasures every day,” he says. “We disseminate our message through governance groups. It’s important to get the word out. You can send stuff in an e-mail, but not everybody is going to read it. You’ve got to do multiple communication channels, and you need real-world examples.”

The president and CIO need a free, honest channel of communication about not only successes but also challenges and shortcomings, says Henry Glaspie, CIO at College of Central Florida. “Dr. Henningsen is very supportive in saying to me, ‘We have this problem, we don’t have the expertise, can I engage a third party so we can have those resources and skills on the ground?’”

Ed DesPlas, executive vice president at San Juan College, engages in collaboration among departments from information technology to student services to administrative services to achieve the necessary combination of technological solutions—like next-generation firewalls and added protection against malware and ransomware—as well as “almost perpetual training, almost perpetual readiness drills” to ensure people have the right mindset. “We all have to know the first and last line of defense is the people we have working for us,” he says.

This is an excerpt from a feature article that will appear in the upcoming February/March issue of Community College Journal.