Adopting faculty members' methods and language can help garner support for and awareness of information security practices.
Faculty won't necessarily use multifactor authentication—or adopt any security practice—just because we, as information security practitioners, say so. Even as we "communicate, communicate, communicate," our security message might be broadcasting on the wrong frequency. We need to meet faculty where they are.
Let's look at what faculty members do: their singular job is to ask "why?" When conducting research, they must ask why a theory persists or why a solution seems correct. When writing scholarly papers, they must prove or disprove existing knowledge to advance their new arguments. When teaching, they must challenge their students to ask why something is considered true or false. Their job is to challenge the status quo, ask whether our current knowledge is correct, and continue to push the boundaries of knowledge. With this in mind, we should be prepared if faculty members ask "why" they should adopt our information security practices.
Here are six strategies to engage faculty members by adopting their method and language:
- Be curious and conversational about what research and courses faculty are working on and the related technology needs.
- Prepare answers to "why" you are recommending an information security action and be willing to go several layers deep in the reasons "why."
- Appeal to what matters most to faculty, both academically and personally, when explaining "why." For example, academic reputations depend on maintaining the integrity of the work, and the progress of an academic career depends on protecting intellectual property until it's time to publish.
- Provide authoritative sources, such as books and trusted websites, for faculty to reference on their own.
- Remind faculty that they are stewards of their students' data and that they are responsible for the security of the data in their care, whether it is grades or other personal information.
- Engage faculty members as allies in a cross-disciplinary campus cybersecurity advisory group, or invite volunteers to speak or write about campus cybersecurity topics.
Computer science or cybersecurity professors are compelling allies in faculty engagement efforts. As technical experts, they are familiar with security solutions, and as professors, they are practiced in explaining security principles. Most importantly, as faculty peers, they understand the academic perspective that might appear—on the surface—to be in conflict with security principles. These faculty partners are valuable guides as you navigate the domains of free academic pursuit and secure administrative data.
Collaborating with diverse faculty members across the sciences and humanities establishes a broad foundation upon which information security practices will build. As we learn about our faculty members' work, embrace their goals, use their language, and tap into their academic methods, we will gain new perspectives and earn their respect.
Meeting faculty members where they are and harnessing their intellectual mission will help advance information security efforts across your campus. Faculty members are like everyone else: they want to do the right thing, whether protecting their own or others' information. It's up to us to be curious and find the most effective way to engage them.
Daphne T. Ireland is Senior Information Security Risk Analyst at Princeton University.
© 2019 Daphne T. Ireland. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.