Online Work Surge Creates Business School Opportunity in Cybersecurity
With the mass move to online work amid COVID-19, business schools can provide graduates with the cybersecurity know-how to lead in the digital workplace.
We are constantly reminded during this COVID-19 pandemic to practice methods that help protect our health. We must keep our distance from others, use hand sanitizer often, and wash our hands nearly every time we pass by a sink.
This really is just good physical hygiene, something we’ve been taught from an early age. But now, we must be diligent in putting it into practice. The consequences, if we do not, could be life-threatening.
Good cyber hygiene is no different. We’ve all been taught not to open unrecognized links, to keep passwords protected, to follow important steps to maintain the health of our technical tools and improve online security.
Much like the physical hygiene we were taught as children, implementing cyber hygiene is now more important than ever to protect the health of our information systems. This is a time—when people are uncertain, afraid, and working remotely on their own personal computers—when cyber criminals stand ready to lure the complacent or ill-informed. This looming threat means it is imperative to practice cyber hygiene as schools worldwide are moving to online instruction and employees in many industries are working remotely.
Workforce studies have shown that after the COVID-19 threat subsides, as many as one out of three workers will continue to work remotely, according to Global Workplace Analytics. And as these work patterns shift, more problems arise, such as “Zoom bombing,” a phenomenon in which hackers interfere with live teleconferencing and tele-teaching, to post inappropriate images or hate speech.
Teaching via teleconferencing is a tool used by many university professors, especially now.
Like just most universities and colleges around the United States, the University of South Florida (USF) and the Muma College of Business are shuttered. That’s not to say business is not being conducted. Quite the contrary; our business faculty are holding classes online for some 6,000 students. Our staff are working from home. Our academic advisors are conversing with students face-to-face through video meetings, conference calls, and emails. And that is where the danger lies.
With the 51,000 USF students attending classes online, and most of the 16,000-plus faculty and staff working remotely, the opportunities for intrusion are heightened. All of this virtual activity means that hackers can gain access to more than 67,000 portals, not only to personal computers but to the vast information systems to which those computers are now attached and on which USF heavily relies.
This situation represents a mecca for hackers and cyber criminals. They can worm their way into the main systems through any one of the remote computers being used now by our students, faculty, and staff—if our users are not vigilant about system security. Yet, we are not hopeless victims. There are measures we can take to protect ourselves and our information systems. The best way to predict the future is to shape it.
Good Cyber Hygiene as an Antidote
The USF Muma College of Business is shaping its cyber future with an eye toward the current trends of cyber criminals. We partner with KnowBe4, a global anti-phishing training company that helps educate our students in proper cyber hygiene.
KnowBe4, in a recent statement, reported a sharp increase of COVID-19-related phishing scams. Phishing is a method by which hackers send deceptive emails persuading individuals to allow access to computers. For example, an email to students, faculty, or staff might appear as if it is coming from the university’s administration—a trusted name that leads people to innocently open links and attachments, allowing criminals access to those individual computers. Once the hackers and scammers breach a single computer logging in remotely for work or class, they have also gained access to the information systems of USF.
This scenario illustrates why it is so important for universities to offer instruction on how to thwart cyber thieves, and I believe this learning should occur through colleges of business, whose graduates one day will preside over the information systems of the companies, government entities, and educational institutions that will employ them upon graduation.
What B-Schools Should Be Doing
Times of adversity often result in innovations that last long after the crisis has passed. And the COVID-19 crisis is no exception. One day, it will end. Lessons will have been learned. Now is the perfect time for business colleges to implement and/or strengthen courses of study that teach future corporate leaders the science, management, and maintenance of information systems.
I’m not suggesting we intrude on our colleagues in colleges of engineering. Those students, like mechanics who build the race car, construct the systems. We, the race car drivers, operate them. An era of collaboration is on us; a merging of engineering expertise with business acumen can produce graduates who “drive” business information systems that are 100 percent immune to intrusion.
At the Muma College of Business, we have in place a system through which students learn cyber hygiene. We partner with companies that are on the cutting edge of information systems protection. They offer internships and training that make our students more employable upon graduation. We have for some time offered cybersecurity concentrations in both our undergraduate and graduate programs, and we have begun an initiative aimed at certifying every student, faculty, and staff member in cyber hygiene.
This may be the moment for business colleges everywhere to boost these “brave new world” programs.
Again, we don’t want to assume the roles of teaching students how to build firewalls. Rather, we should be teaching students to understand them, the basics of how they work, and how to apply them to systems. The new breed of business school graduates must be able to assess the risks and be liaisons with the security engineers—to talk the same language—so they can make informed decisions about information systems protection.
Consider This an OpportunityThis pandemic, and the fear and stress that accompany it, also provides an opportunity to look at cybersecurity from the perspective of corporate leaders who may not be able to write code, but who know what features of a system can be utilized to protect proprietary information. I believe this is a defining moment in history when business colleges begin to take ownership of that future.
In times of international angst, when uncertainty rules, cyberattacks strike more than ever. Whether they seek the economic stimulus checks of individuals or the pathways into corporate and government systems, hackers are not going away. The only protection for businesses and corporations: business graduates armed with a strong grasp of information systems and how they work to resist these attacks.
Business colleges must move toward implementing new majors, concentrations, certificates, or minors in management of cybersecurity. Graduates should now understand business as well as have an appreciation for and comprehension of the risk assessment and risk management related to cybersecurity.
Collectively, we all should consider the important ways that business and engineering colleges can work together to provide the talent that can help solve major business challenges. Individually, we should evaluate our curricula and find ways to infuse cyber hygiene into every course of study. Our systems’ lives depend on it.
Moez Limayem is dean of the Muma College of Business at the University of South Florida in Tampa and a member of the 2019–20 AACSB Board of Directors.