CASE IN POINT: LESSONS FOR THE PROACTIVE MANAGER
Volume 15 Number 02 | February 2023
This month we begin a deeper dive into each specific category from 2022 with a focus on Information Technology. IT risks are vitally important to manage and are ever evolving so they require special vigilance. As we examined the issues in this category, we noticed something interesting. See if you can pick up a trend here:
Top 3 types of stories in the IT category 2020:
- Data Breaches
- Cyberattacks
- Privacy Issues
Top 3 types of stories in the IT category for 2021:
- Data Breaches
- Cyberattacks
- Privacy Issues
Top 3 types of stories in the IT category for 2022:
- Data Breaches
- Cyberattacks
- Privacy Issues
Since we think we gave some fairly good advice last year on managing this risk, we again present our suggestions for avoiding the headlines.
5 Tips That Could Help You Avoid Becoming an IT Headline
- Practice good password hygiene
- Use strong & different passwords on each site and enable multi-factor authentication.
- Beware of social engineering tactics
- Learn to recognize common methods used by scammers to obtain your personal information, whether via email, text message, phone calls, or in-person. Be skeptical of requests for your personal information or money.
- Use only secure WiFi or VPN
- Most public or free WiFi networks are unsecured. Always use a VPN service when connecting to a public WiFi network.
- Install Updates
- Cyber attackers take advantage of unpatched devices and applications. Regularly look for and install OS and application software updates and hardware firmware.
- Backup your data
- Something will inevitably go wrong. Your hardware may fail, you may accidentally delete the wrong files, or even lose a device. Backups protect you from accidentally losing data and help you recover from ransomware.
Looking to the future, here are five things we predict from reading the tea leaves of this category:
- The 3 items above will remain the top 3 items.
- 2023 will see an increase in governmental regulation surrounding cyber security. While many of these regulations will not be focused on higher education specifically, they will no doubt raise the expectation of cyber security within higher education.
- Privacy regulations will also continue to increase worldwide and in the U.S., thus impacting higher education.
- Cyber insurance rates will continue to increase and become harder for universities to get, leading to more choosing to self-insure.
- Artificial Intelligence (including ChatGPT) will challenge institutions academically as well as in the cyber security realm as deep fakes and social engineering become more sophisticated. This will make the need for training and individual vigilance more important than ever.
Technology related risks are here to stay, but they are simply one category of a vast tapestry of risks facing our industry. We again invite you to look at the events of the prior month with a focus toward proactively managing risk in your area of influence. As always, we welcome your comments and suggestions.

Associate Vice President
Office of Audit, Compliance & Privacy