Cyber threats are an ongoing challenge for higher education and research institutions, making collaboration and information-sharing more critical than ever. REN-ISAC plays a key role in strengthening cybersecurity across these sectors, serving as a trusted alliance that helps institutions stay ahead of evolving risks.
By following REN-ISAC on LinkedIn, you can stay informed about the alliance’s role in cybersecurity for higher education and research. Whether you’re part of an institution, work in the field, or simply have an interest in cybersecurity, REN-ISAC’s LinkedIn page provides updates on the work being done to protect critical academic and research infrastructure.
Cybersecurity is stronger when knowledge is shared. Follow REN-ISAC on LinkedIn and stay connected to the ongoing efforts that help secure the future of higher education and research.
https://go.ren-isac.net/linkedin
Get Ready for the REN-ISAC Member Meeting 2025
Cyber threats continue to evolve, making it more important than ever for higher education and research institutions to stay informed and prepared. The REN-ISAC Member Meeting (RIMM) 2025 offers a unique opportunity to gain valuable cybersecurity insights, engage in peer-driven discussions, and strengthen your institution’s security posture. This members-only event is designed to provide practical solutions, updates on REN-ISAC services, and the chance to connect with cybersecurity professionals from across the community.
Event Details
• Where: Baltimore Marriott Waterfront, Baltimore, MD
• When: Thursday, May 22, 2025
• Time: 8:00 AM – 5:00 PM
What to Expect
• Updates on REN-ISAC services
• Peer-led discussions on real-world cybersecurity challenges
• Insights to strengthen institutional security
• Networking with top cybersecurity professionals from the REN-ISAC community
If you have valuable insights to share, submit a proposal or volunteer as a discussion leader before March 14 at 11:59 PM ET.
For more details and to secure your spot, visit REN-ISAC RIMM 2025.
REN-ISAC Partners with SANS for SEC511: Cybersecurity Engineering
REN-ISAC is partnering with SANS to offer SEC511: Cybersecurity Engineering – Advanced Threat Detection and Monitoring. This live, online-only course covers:
• Defensible security architecture
• Network security monitoring
• Continuous diagnostics and mitigation
• Continuous security monitoring
Designed for cybersecurity professionals in education, this course helps strengthen institutional security and threat detection.
Learn more and register: https://www.sans.org/partnerships/sled/events/
Did you know?
REN-ISAC and SANS have long collaborated to provide affordable, high-quality cybersecurity training for higher education and K-12 institutions in the U.S. and Canada. Through the Aggregate Purchase Program, institutions can save over 50% on SANS courses.
Purchase Windows:
• June 1 – July 31
• December 1 – January 31
Institutions can buy training credits for a wide range of courses to keep cybersecurity teams ahead of emerging threats.
Flexible Training Options:
• Online Training: OnDemand (self-paced) or Live Online (instructor-led).
• NetWars Continuous: Gamified, hands-on cybersecurity challenges.
• Security Awareness Training: For end users, healthcare professionals, developers, and engineers.
Why Participate?
• World-Class Training: Learn from top cybersecurity experts.
• Significant Cost Savings: Train more staff within budget.
• Stronger Security Posture: Equip teams with cutting-edge skills.
Look for announcements to membership for reminders of the aggregate purchase windows.
REN-ISAC Rolls out SSO and Slack Services
February 2025 brought exciting new REN-ISAC membership benefits and services. We updated our online resources to enable single sign-on (SSO), allowing you to use one password for all REN-ISAC services. We also enabled multi-factor authentication to ensure the security of our membership community.
We know that information sharing enhances higher education’s overall security standings. To encourage increased member collaboration, we also launched a members’ Slack instance where you can chat with colleagues, Steering Committee members, and REN-ISAC staff.
Members, if you have not set up your SSO:
- Look for an email regarding your REN-ISAC SSO account and begin the process of updating your account.
- Visit our SSO account set-up page for step-by-step instructions.
- Set up Slack.
- Contact us if you have any issues.
Not a member? We offer these and many other services to our membership organizations. Contact us for more information on how to get involved with REN-ISAC.
With these new services, we look forward to serving you better.
REN-ISAC Partners with ITsavvy to Enhance Cybersecurity in Higher Education
The Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), a trusted cybersecurity resource for nearly 800 higher education and research institutions worldwide, has entered an exclusive partnership with ITsavvy. This collaboration is aimed at improving cybersecurity defenses for colleges and universities while addressing the unique challenges faced by the academic sector.
REN-ISAC serves as a critical hub for cybersecurity threat intelligence, analysis, and collaboration. By partnering with ITsavvy, REN-ISAC will provide its members with access to advanced IT solutions, tailored to enhance institutional resilience and operational security. The agreement includes discounted IT products and services, enabling member institutions to allocate resources more effectively while safeguarding their academic and research missions.
The partnership emphasizes key areas to support member institutions, including:
• Proactive cybersecurity measures to protect academic and research data.
• Integrated IT infrastructure services to improve efficiency and adaptability.
• Scalable solutions to address emerging and evolving cyber threats.
• Customized IT procurement tailored to the needs of higher education institutions.
This collaboration reflects REN-ISAC’s ongoing commitment to empowering its members with the tools and knowledge necessary to navigate the ever-changing cybersecurity landscape. By working closely with ITsavvy, REN-ISAC strengthens its ability to support the higher education community in responding to threats while fostering a culture of security and innovation.
“REN-ISAC’s mission is to bolster cybersecurity in higher education and research institutions, and this partnership represents a significant step forward in that effort,” said Anthony Newman, Executive Director of REN-ISAC. “By providing members with access to cutting-edge IT solutions, we are ensuring that our institutions can continue their critical work in a secure environment.”
The partnership ensures members receive access to ITsavvy’s wide-ranging expertise in IT infrastructure and cybersecurity, along with exclusive pricing and tailored services to address institutional needs. This collaboration aligns with REN-ISAC’s mission to support its members in safeguarding their operations while advancing knowledge and innovation.
For more information, please email info@ren-isac.net.
Not a member of the REN-ISAC? Become a member today.
The REN-ISAC is proud to partner with ITsavvy, a leader in providing tailored IT infrastructure and cybersecurity solutions. Through this collaboration, REN-ISAC members gain access to discounted IT products and services specifically designed for the unique needs of higher education and research institutions. A percentage of sales from ITsavvy’s services directly supports REN-ISAC’s mission, helping us provide valuable resources and keep membership costs low. By utilizing ITsavvy’s solutions, you not only enhance your institution’s cybersecurity and operational resilience but also contribute to the growth and sustainability of our community.
Kickstart Your Information Security Management Program
The REN-ISAC has recently launched the Information Security Kickstart, a brand-new Information Security Assessment and Advisory Services (ISAAS) offering designed to assist smaller colleges and universities. Shane Albright was inspired to come up with the InfoSec Kickstart concept based on his previous role as a systems administrator. “I worked in an understaffed and underfunded division within a large university that dictated a number of ‘unfunded mandates.’ It was frustrating. I had to learn how to secure the systems for which I was responsible with very few resources.” According to Shane, this is an all-too-common scenario among small organizations. Staff there are responsible for running and securing systems while lacking the necessary resources. “I wanted to help my colleagues make their way down the path I’d tread before,” he said.
Who would most benefit from the InfoSec Kickstart?
The program is designed for
- Institutions with fewer than 10,000 students
- Colleges that are part of a larger, decentralized university
- Research and education networks
- Any group in higher education that’s responsible for managing their own IT and information security with a small team that feels like they could use some guidance
What is the InfoSec Kickstart?
It’s a one-and-a-half-day engagement that combines facilitated discussion, expert assessment, and an incident response tabletop exercise. Through the process, clients will be able to launch or relaunch an information security management program, improve an existing information security management program, or simply create a more secure computing environment with existing resources.
The Kickstart process includes
- The participation of most, if not all, of an institution’s IT staff in addition to other stakeholders in the learning and assessment process.
- A prediscovery phase where the institution completes a pre-assessment questionnaire and provides necessary documentation.
- Onsite facilitated discussions on a variety of information security topics from asset management and vulnerability management to security operations and incident response planning.
- An incident response tabletop exercise.
Is there an after-action report?
Absolutely! A week or two after the engagement, you will receive a final report that is uniquely tailored to your organization’s needs. The report will include a list of three to five information security management processes and guidance for implementing and/or improving those processes. The report also includes an executive summary that provides a summary of the InfoSec Kickstart engagement and a high-level review of the strengths and weaknesses of your infosec management program.
How do I learn more or set up a consultation?
If you think an Information Security Kickstart engagement might be valuable to your organization, Shane is offering a free, public webinar on Wednesday, October 16 at noon ET. You can also visit our website or contact us directly. We are happy to answer your questions.
10 Best Practices to Protect Your Information in Higher Education
In today’s academic environment, students, faculty, and staff are more connected than ever before. With access to institutional databases, personal data, and sensitive research, the importance of safeguarding information cannot be overstated. Higher education institutions are prime targets for cyberattacks, and individuals must take proactive steps to protect themselves and their institutions. The REN-ISAC (Research & Education Networks Information Sharing & Analysis Center) staff have compiled these best practices you can follow to protect your information in the higher education space:
1. Use Strong, Unique Passwords
Creating strong passwords is your first line of defense. Avoid common or easily guessed phrases, and instead, use a mix of uppercase and lowercase letters, numbers, and special characters. Consider using a password manager to generate and store unique passwords for each account, as reusing the same password across platforms increases your vulnerability to cyberattacks.
2. Enable Multi-Factor Authentication (MFA)
Many higher education institutions offer MFA for campus portals and email systems. This extra layer of security ensures that even if someone gets your password, they won’t be able to access your accounts without the second authentication method, which could be a text message, authentication app, or hardware token. Enable MFA wherever possible, especially for accounts containing sensitive information.
3. Keep Software and Systems Updated
Cybercriminals exploit vulnerabilities in outdated software. Regular updates for your operating system, web browsers, and applications often include patches to protect against security threats. Turn on automatic updates, and don’t ignore those annoying update reminders. This small step can make a big difference in securing your personal information.
4. Beware of Phishing Scams
Phishing attacks are one of the most common methods hackers use to steal information. These emails or messages might look like legitimate communications from your school or a well-known company but often contain malicious links or attachments. Always double-check the sender’s address and avoid clicking on links or downloading files from suspicious emails. If in doubt, reach out to your institution’s IT department for verification.
5. Encrypt Sensitive Data
Whenever you’re dealing with sensitive information—whether it’s personal data, academic records, or research files—ensure it’s encrypted. Encryption tools can safeguard data during transmission and storage. Many email providers and cloud services offer built-in encryption options, so use these tools to secure any sensitive information you share.
6. Use Secure Wi-Fi Networks
Free public Wi-Fi can be tempting when you’re studying at a café or traveling, but it can also expose your data to hackers. Always avoid accessing sensitive information over unsecured networks. If you must use public Wi-Fi, make sure you connect through a Virtual Private Network (VPN), which encrypts your data and protects you from prying eyes.
7. Limit Sharing Personal Information
Be cautious about what personal information you share, both online and in person. Simple details like your student ID number, birthdate, or even your home address could be used in identity theft or phishing attacks. Always verify why this information is needed before sharing it, and limit sharing to only the necessary parties.
8. Secure Your Devices
Physical device security is just as important as online security. Ensure that all your devices—laptops, smartphones, and tablets—are locked with strong PINs, passwords, or biometric authentication like fingerprint or face recognition. Always lock your devices when you step away, and enable features like remote wiping in case they’re lost or stolen.
9. Back Up Data Regularly
Data loss can happen due to malware attacks, accidental deletion, or hardware failure. Regularly back up important files, like research, academic work, or critical institutional data, to an external hard drive or a secure cloud service. Make sure these backups are encrypted, so even if the worst happens, your data remains secure.
10. Familiarize Yourself with Institutional Privacy Policies
Each institution has its own data privacy and security policies, often guided by regulations like FERPA in the U.S. or GDPR in Europe. Take the time to review your institution’s policies on data protection, and ensure that you are in compliance when handling sensitive data. Knowing these rules helps you protect not only your own data but also that of others.
Conclusion
Cybersecurity is a shared responsibility. By following these 10 best practices, you can protect yourself from becoming the next victim of cybercrime while contributing to a safer academic community. Stay informed, remain vigilant, and don’t hesitate to seek help from your institution’s IT services when you’re unsure about how to secure your information.
Upgraded Catalog for Assessment and Advisory Services
REN-ISAC is happy to announce that our assessment service has been rebranded as Information Security Assessment and Advisory Services (ISAAS). More than just a name change, ISAAS offers an expanded catalog of services to best fit your organizational needs, including
- Comprehensive General Assessments: Utilizing the NIST Cybersecurity Framework, these assessments provide a thorough evaluation of an institution’s security posture, offering objective evaluations, actionable recommendations, and an executive summary to support budget proposals and improve security measures.
- Policy, Process, and Compliance Reviews: Focused reviews of policies, processes, and compliance efforts—including HIPAA, FERPA, GLBA, and NIST SP 800-171 Gap Analysis—that strengthen overall compliance and security operations. Policy, process, and compliance reviews can be purchased individually or bundled with a Comprehensive General Assessment at a discounted rate.
- Penetration Testing: Simulated attacks conducted to identify vulnerabilities in both on-premises and cloud environments, resulting in a detailed report with recommendations for improving security controls.
- Kickstart Engagements: An affordable, high-value service created to help smaller institutions rapidly enhance their security posture with currently available resources. These engagements provide tactical, operational, and strategic guidance to help build a robust foundation for a successful information security management program.
- Incident Response Tabletop Exercises: Customized exercises to test and improve an institution’s incident response plans. These simulations help identify weaknesses and provide actionable recommendations for enhancing response strategies.
ISAAS is committed to helping you and your organization improve through shared expertise, professional assessment, and information security program guidance. We look forward to supporting your information security needs.
Want more information on the assessment process and experience? Watch the REN-ISAC Assessment Client Panel Q&A Webinar featuring previous assessment clients Stephen Burr (CISO, University of Kentucky and UK Health Care) and Michael Gioia (CISO, Babson College).
For more information on ISAAS services, please schedule a consultation or visit our website.
Make an Impact on Future Incident Reporting Regulations
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement incident reporting regulations for critical infrastructure entities. The proposed rule is open for public comments until July 3.
Because CIRCIA will affect a large percentage of US higher education and research institutions, the REN-ISAC is encouraging all higher education security leaders to review the CIRCIA Notice of Proposed Rulemaking, discuss the implications with your team and legal departments, and submit feedback to shape the final regulation. The REN-ISAC is collecting, compiling, and anonymizing feedback to submit to CISA before the end of the comment period (REN’s submission period has ended).
What is CIRCIA?
In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act. Enactment of CIRCIA marked an important milestone in improving America’s cybersecurity by, among other things, requiring the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. These reports will allow CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.
According to the proposed rule “CIRCIA requires covered entities to report to CISA within certain prescribed timeframes any covered cyber incidents, ransom payments made in response to a ransomware attack, and any substantial new or different information discovered related to a previously submitted report.”
The REN-ISAC has published an abbreviated version of the CIRCIA documentation to provide a pared-down overview of the proposed rule.
How does CIRCIA affect higher education?
Many higher education institutions will qualify as a “covered entity” under the CIRCIA proposed rule and are therefore subject to reporting requirements. Covered entities include
[Any] local educational agency, educational service agency, or state educational agency, as defined under 20 U.S.C. 7801, with a student population equal to or greater than 1,000 students; or [any] institute of higher education that receives funding under Title IV of the Higher Education Act, 20 U.S.C. 1001 et seq. (CIRCIA sec 226.2)
Under the proposed legislation, “a covered entity that experiences a covered Cyber Incident must report the covered cyber incident” within 72 hours of discovery. A covered incident is defined as a “substantial cyber incident experienced by a covered entity” that leads to any of the following:
- A substantial loss of confidentiality, integrity, or availability of the entity’s information system or network.
- A serious impact on the safety and resiliency of the entity’s operational systems and processes.
- A disruption of the entity’s ability to engage in business or industrial operations or deliver goods or services.
- Unauthorized access to the entity’s information system or network, or any nonpublic information contained therein, that is facilitated through or caused by (i) a compromise of Cloud Service Provider, Managed Service Provider, or other third-party data hosting provider or (ii) a supply chain compromise. (CIRCIA 226.1)
Covered entities are also required to report within 24 hours any payments (money, property, or asset) that have been made in connection with a ransomware attack.
For more information, watch REN-ISAC’s recent webinar: “CIRCIA Reporting Requirements and Potential Impact on Colleges and Universities.”
What to do next?
REN-ISAC encourages all CISOs and security leaders to
- Review the proposed rule with their staff and with university counsel
- Review and update (or plan to update) any incident response plans to include CIRCIA reporting
- Coordinate with institutional leadership and the federal affairs office to record feedback
- Share feedback with the REN-ISAC (REN’s submission period has ended)
The REN-ISAC is available to any US higher education institution with questions or concerns. Contact us at soc@ren-isac.net.
Impact of Cyber Incident Reporting for Critical Infrastructure Act on Higher Education
On April 4, 2024, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements. Because this will have a significant impact on many higher education institutions, the REN-ISAC has released a recent alert on CIRCIA detailing
- What is CIRCIA
- Who does CIRCIA affect
- What qualifies as a “covered incident”
- How to file a cyber incident report
- What actions CISOs need to take now to prepare for full implementation of CIRCIA
The REN-ISAC will also review the details of CIRCIA and answer your questions about these new reporting requirements during a webinar in early May (more details coming soon).