Application security, Malware, Network Security, Phishing

CIO: Strayer U’s cybersecurity investments enable digital innovation for students, faculty

The higher learning institution Strayer University is giving its students, faculty and employees an education in cybersecurity, with investments in identity and access technology (IAM), risk management assessments, and anti-phishing training.

These initiatives have given the university a secure foundation upon which to introduce numerous innovative digital offerings to its student body, according to Sabrina Copp, CIO at the for-profit institution. And this in turn makes cyber projects sound more "sexy" and alluring to key decision-makers in management.

In that sense, “essentially, the investments we're making into security and identity have paid for themselves,” said Copp, relaying some of her recent security initiatives in an in-person interview with SC Media at SecureAuth’s Intersection conference in Washington D.C. yesterday.

Strayer caters largely to working adults, more of half of whom take courses remotely online, while the rest have a choice of attending classes at roughly 78 campuses around the U.S. Therefore, IAM is a necessity, considering that faculty and staff across the country must be able to access back-end network systems and databases, while pupils need to log into online services such as a student portal, mobile app and learning management system.

To help control access, Strayer uses two-factor authentication across its systems and introduced fingerprint-based verification for its mobile app. But more significantly, the university also employs several methods to identify risky users and behaviors that could indicate malicious or dangerous activity.

For instance, the school builds student fraud profiles to help ensure that digital impostors aren’t accessing its systems. “That fraud profile allows us to trigger different alerts and flag and/or prevent actions from being taken, based on creating that profile,” said Copp. “I physically may never see you, but I know that you’re a student.”

Employees, meanwhile, are subject to performance evaluations and monitoring that can help Strayer identify potential threats. For starters, Copp said that the school takes strides to learn the “geography of our employees,” so that when its systems receive a request to access a server from a device in unusual IP address location, it automatically initiates two-factor authentication.

The company has enacted certain role-based access policies to ensure that only those employees whose jobs descriptions require them to handle highly sensitive information such as HR and financial records are given the permissions to view that data.

Strayer also tracks day-to-day activity on various endpoints, looking for potential issues. “We’re… very cognizant and aware of anything that’s being sent inside and outside of our network,” as well as what systems users are accessing and what external websites they’re visiting, she continued.

Copp’s team also sends out simulated phishing emails to employees to test if they understand the basic principles of email security. "They look very real, which is the intent. And people give us a hard time all the time that they look too real," said Copp. "And the intent is to show them that exactly what hackers do, that they can simulate an email message..." Those who fall into the trap and open the fake phishing email and then then typically sent for additional training.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.