In recent years, cyberattacks have become a significant threat to higher education institutions, disrupting critical systems and posing challenges for enrollment management leadership. The experiences of the University of Michigan and Stephen F. Austin State University highlight the importance of contingency planning, communication strategies, and understanding the impacts of cyberattacks on campus operations.
Introduction to Cyberattack Scenarios
Both the University of Michigan and Stephen F. Austin State University faced disruptive cyberattacks that impacted essential systems, including Wi-Fi, site access, student information systems (SIS), email, and more. These incidents prompted an urgent need for contingency planning and effective communication strategies to mitigate the impacts and restore normal operations.
Case Study: Stephen F. Austin State University
At Stephen F. Austin State University, a cyberattack unfolded when the Chief Information Officer (CIO) detected suspicious activity early in the morning. The ERP system malfunctioned, triggering alerts to the systems team and university leadership. In response, the CIO disconnected the entire campus from the internet to contain the threat. The incident escalated quickly, making headlines in local media and generating widespread concern among students and staff.
Immediate Considerations and Response at SFA
The cyberattack at Stephen F. Austin State University raised critical considerations, including student safety, housing, feeding arrangements for students, and the continuity of student learning. The university prioritized restoring basic services to enable classes to resume within three days post-attack. Communication and managing public relations became paramount as the institution navigated the aftermath of the cyber incident.
Case Study: University of Michigan
Similarly, suspicious activity was detected at the University of Michigan just before the fall semester began. All systems, including campus Wi-Fi and email services, were promptly disconnected. The disruption caused significant challenges for students and staff, impacting class schedules, registration processes, and access to essential resources.
Immediate Response and Decision-Making at U-M
The University of Michigan responded by maintaining class schedules, suspending fees for late registration, and extending deadlines for registration and term withdrawals. The Office of the Registrar was crucial in facilitating access to critical information through alternative means, such as PDF class schedules and service announcements on designated platforms.
Lessons Learned and Lasting Impact
Both universities gleaned valuable lessons from their experiences. Key takeaways include the importance of comprehensive backups, maintaining multiple communication channels, and recognizing that institutional priorities may differ from departmental ones during crisis situations. Implementing multi-factor authentication, adopting stringent IT security measures, and heightening awareness of phishing risks emerged as lasting impacts post-cyberattack.
The cyberattack experiences of the University of Michigan and Stephen F. Austin State University underscore the critical need for preparedness, effective communication, and adaptive response strategies in higher education. By learning from these incidents and implementing robust contingency plans, institutions can enhance their resilience and safeguard against future cybersecurity threats.