Still not your responsibility. If they don't cough up the cash to properly manage the security, they can't expect any. Just because a trucking company doesn't want to pay for a mechanic, doesn't mean they can expect their drivers to repair blown engines.
- all input ports are blocked. Kinda provides security. Works fine as if things are so dire most academia would be hacked.
- these are not valuable like data from SSN or bank. So fewer attacks.
- if something gets f*ked - it gets bad name - people laugh it off. No one will get fired.
I know uni presidents that keep passwords on excel sheets. Life is like that.
Let's be honest corporate says training, retraining, testing - IT will install 3 different malware scanners and 2 AV to HOG CPU etc but some idiot will approve MFA/TOTP (okta) or like solarwinds. So everyone has their stupidity.
