How can stretched university IT teams strengthen security awareness against a barrage of increasingly sophisticated cyber threats while also supporting ambitious digitalisation goals?
To help tackle this challenge, Swiss NREN Switch has recently launched a Security Communications and Learning Community (SCLC). The community promotes a collaborative and interdisciplinary approach to security awareness in higher education and research institutions, bringing together IT, communications, and digital learning teams to share knowledge and work more effectively.
Cornelia Puhze, Security Awareness and Communications Expert at Switch, explains more about the community’s goals, the challenges it addresses, and what lies ahead.
The background: Restricted security awareness capacity in university IT teams
Switch set up the community to support higher education institutions, which often have limited cybersecurity resources, in improving their communication about security risks.
“Many universities, especially smaller ones, have just one or two IT staff managing everything, including security,” Cornelia explains.
“They are already stretched thin dealing with technical issues, so security awareness is often an afterthought. Addressing the human factor in security — helping people understand how to behave securely online — poses a significant challenge.”
Security awareness is often seen as an extra burden for busy university IT teams. But given that human error is a leading cause of security vulnerabilities, it’s a challenge that can’t be ignored.
“Many IT staff don’t feel comfortable communicating security risks to people. They’re experts in technology, but don’t necessarily know the best ways to get across the importance of strong passwords or how to spot a phishing scam.”
The goal: Reframing security as a core digital skill
The SCLC’s key goal is changing how security is perceived in higher education institutions. Traditionally, it’s been viewed as a purely technical issue, with IT staff often acting as enforcers, constantly reminding others to be careful and vigilant. This can lead to security being seen as a nuisance.
“The traditional mindset is that security is a tech problem, and people are often seen as the weakest link,” Cornelia says.
“We want to change that narrative. Security isn’t about catching people out when they make mistakes. It’s about empowering them with the digital skills they need to protect themselves and their work.”
This perspective shift aligns with broader national and international goals around responsible digital transformation (as described in the EU Digital Competence Framework for Citizens (DigComp Framework) and Switzerland’s education, research, and innovation (ERI) digitalisation policy 2025-2028). Cornelia and her colleagues are working to reframe digital security as a core competency in higher education.
“Security skills are the foundation of all digital skills, because if you don’t know how to stay safe online, you have a huge problem. And security awareness is essentially promoting and teaching digital security skills.”
Universities are preparing students and staff to navigate a digital world — and being able to do so securely is a vital part of that education.
“Digital security skills are key to academic freedom, research integrity, and responsible digital citizenship. We want everyone, from students to professors, to understand why these skills matter.”
The challenge: Breaking down silos within universities
A major challenge the SCLC seeks to address is the siloed nature of many university departments when it comes to digital skills.
“Digital skills are a fairly big topic in universities — but usually activities are student-facing and unconnected to the IT security department,” Cornelia notes.
“IT security departments are often left to fend for themselves. They’re working hard to secure the university’s systems, but they don’t have support from other departments.”
Communications teams, for instance, often don’t see security efforts as part of their remit, yet they could play a key role in raising awareness.
Likewise, digital learning teams develop courses for students, but don’t always connect their work to the need for secure digital practices within the university. They draw on resources which could benefit IT teams, such as the EU-wide DigComp Framework, a useful tool for measuring digital competence and planning initiatives to improve it.
By encouraging collaboration, knowledge sharing, and resource pooling between these different groups, the new community aims to help universities create more cohesive and effective security strategies.
The ‘how’: SCLC approach and planned activities
Launched in June 2024, the Security Communications and Learning Community is busy recruiting members for its steering committee and planning activities.
To maximise reach and encourage collaboration both within institutions and at national level, the SCLC is tapping into existing professional networks and communities across digital learning, communications, and information security. These include:
- Eduhub — Swiss academic digital learning community
- SUPRIO — Swiss Universities Public Relations and Information Officers
- Relevant Switch-CERT working groups
“The idea is to connect different communities that aren’t otherwise connected but who do similar things, so they can share resources and work more efficiently,” Cornelia says.
Activities will include tailored workshops, webinars, and one-two in-person meetings per year, with ongoing communication via a dedicated chat group.
The community is also facilitating the creation of special interest groups, where participants can share knowledge, tips, and lessons learned about security in specific areas or roles. This will help them tackle common problems more effectively and efficiently.
For example, interest has been shown in a special interest group for IT administrators managing e-learning platforms. This would allow participants to discuss common security challenges such as access control and ensuring secure setups for varying user roles, and collaborate on identifying effective solutions.
Strengthening crisis management
One potentially fruitful area for stronger cross-department collaboration in higher education is crisis management. Cornelia is enthusiastic about running tabletop crisis management exercises where technical and communications staff work together to practise their responses to simulated breaches.
“Universities often don’t have plans in place for handling a security breach. So when one happens, comms teams are unprepared, and figuring out what to do while everything is in chaos,” she says.
“In crisis communications, the most important thing is being well prepared — then it’s a lot less stressful.”
“When a breach happens, the technical people focus on fixing the systems. Comms teams need to be ready to communicate with the public, the students, and the media.”
Switch has previously received positive feedback on its crisis management workshops: “People say the tabletop exercises help them understand their role in a crisis and how to prepare for the worst-case scenario.”
Expanding the community
The Security Communications and Learning Community is open to all higher education and research institutions in Switzerland, and Cornelia encourages anyone with an interest in security, communications, or digital learning to get involved. Switch aims to create a safe, friendly, inclusive space where people can learn from each other and collaborate.
To learn more about the community and how to participate, contact awareness@switch.ch.
A more secure future for higher education
As digital security becomes an increasingly essential part of higher education life — and of responsible citizenship — the Security Communications and Learning Community is providing a vital space for collaboration, skill-building, and shared learning.
By promoting the breaking down of departmental silos and reframing security as a core digital competency, the SCLC is empowering higher education and research institutions to better protect themselves, their staff, and their students. Bringing together IT, communications, and digital learning professionals from across a wide range of institutions, the community is helping to build a stronger, more resilient and future-ready security culture in higher education.
Useful links:
- Switch Security Awareness Competence Centre
- Video introduction to the Security Communications and Learning Community
- Digital Competence Framework for Citizens (DigComp) 2.2 (overview)
- Digital Competence Framework for Citizens (DigComp) 2.2 (including breakdown of competencies)
Cornelia Puhze is an information security awareness and communications expert at Switch, the Swiss national research and education network. As part of the multi-sector Switch-CERT, she supports various communities in managing the human risk in information security. Cornelia is educated to postgraduate level in multilingual, corporate and political communications, and has a background in language teaching. She co-chairs the FIRST SIG Human Factors in Security.
Also this year GÉANT joins the European Cyber Security Month, with the campaign ‘Your brain is the first line of defence‘. Read articles from cyber security experts within our community, watch the videos, and download campaign resources on connect.geant.org/csm24
