In the past few years, higher education institutions have been frequently targeted by cyber criminals:
- The College of Southern Idaho and Daytona State College were affected by W-2 scams.
- Boston University and Los Angeles Valley College were attacked by ransomware.
- Rutgers University was impacted by multiple DDoS attacks.
- A phishing scam caused a breach of 25,000 records at the University of Alaska.
What can higher education institutions do to protect themselves as well as their students and faculty from cyber attacks?
In this article, we'll look at some unique cyber security challenges faced by colleges and universities and what they can do to protect themselves from hackers.
But first, here's why investing in cyber security is worth the effort:
The High Cost of Cyber Attacks Against Higher Education Institutions
Cyber attacks can cost a higher education institution dearly. According to Ponemon’s 2017 Cost of Data Breach Study, the average cost per compromised record is estimated to be $245.
These security breaches can also put institutions at risk of being out of compliance with many data-security related regulations, such as FERPA, HIPAA, HITECH, COPPA, GDPR, and PCI DSS.
In addition, a significant data breach can put the day-to-day operation of an institution to a grinding halt. The cost of downtime can be quite staggering. According to a survey by ITIC, 98% of organizations indicated that a single hour of downtime could cost them over $100,000.
Cybersecurity Challenges Faced By Higher Education Institutions
Unlike private enterprises, colleges and universities operate on an open-campus model designed to encourage fluid information exchange. As such, the communities and data systems are often very porous by design, allowing cybercriminals more opportunities and entry points to breach the systems.
Here are some unique cyber security challenges faced by higher education institutions:
- Data variety: higher education institutions have to process and store a large variety of data. Besides personal information of students, alumni, staff, and faculty, they also need to protect information on financial aid, donations, research, and inventions or intellectual property (IP.) This poses more challenging in systematizing a cyber security protocol.
- Decentralization: from academic departments and research facilities to student housing and athletic divisions, colleges and universities often operate in a decentralized manner. Data is collected, stored, and processed by different entities without a centralized system to ensure a high level of security.
- Varied rules and regulations: the wide scope of activities in a higher education institution often means it's subject to many different standards, regulations, and legal requirements -- making it difficult to enforce a single regulatory framework to standardize cyber security measures.
- Funding: securing funding for preventive measures, such as cyber security, from donors and trustees is quite a challenge. With many competing priorities, the importance of cyber security is often overlooked until it's too late.
- Use of personal devices: students access the university's IT infrastructure with their own devices, which can get lost or stolen. In addition, it's almost impossible to protect every single device from hackers.
- Leadership's priorities and experience: rising through the ranks of academia, most university presidents and cabinet members don't have experience in cyber security nor the bandwidth to cultivate the awareness. In addition, CIOs or IT leaders are often excluded from the president's cabinet, making it hard to gain support on strategic IT initiatives.
How Higher Education Institution Can Improve Cybersecurity
Despite the various challenges, many colleges and universities are making strides in bolstering their cyber security to protect the sensitive information of their students, alumni, faculty, staff, and donors, as well as their research data and intellectual properties.
Here's what higher education institutions can do to improve cyber security:
Cultivate Awareness and Provide Training
Hackers often attack higher education institutions using social engineering techniques such as phishing, spear phishing, vishing, smishing, and pretexting to extract personal identifiable information (PII) or login credentials from students, faculty, or staff to gain access to the network.
To prevent these attacks, you need to build awareness and create a culture of cyber security.
Provide training and education to all students and staff members. Share the latest security updates and send out periodic reminders to help everyone do his/her part.
Secure Personal Devices
Personal devices used by students, faculty, and employees can expose your network to hackers. It's important to provide the necessary training and implement the right security measures.
- Encourage users to set up device tracking and enable the ability to wipe a device when it's lost or stolen.
- Educate users on installing apps only from trusted sources and be cautious when granting permission to access data, camera, or microphone on their devices.
- Make sure users set up a passcode so the phone is locked when not in use.
- Discourage the use of auto-login, especially for accessing the institution's network.
- Remind users to use only secured wifi network, especially when logging into the university's system.
Assess Your Security Threats
If you haven't done so lately, perform a complete data security audit. This will help you understand vulnerabilities in your system so you can put in the necessary measures to prevent data leak.
This security audit should assess your technology infrastructure, organizational policies, and user training. Oftentimes, it's advisable to have a third-party expert to assist you with this evaluation so you can get an unbiased assessment and recommendations.
Strengthen Cloud Security
Cloud-computing is used for many critical functions, from file sharing to project management and payroll. While it can lighten the workload for your IT department, it also introduces some security concerns that hadn't existed in the past.
Here's what you can do to increase security while using the cloud:
- Educate users on the appropriate password security protocol.
- Encourage or mandate the use of two-factor authentication for signing in.
- Do your due diligence when selecting cloud service provider to ensure compliance.
- Use access control to limit admin priviledge to sensitive information.
- Stay current on the latest cloud security threats to make sure your providers have the proper security measures in place to keep your information safe.
Secure Your Sensitive Data With a Customized Solution
Colleges and universities have unique requirements and challenges when it comes to cyber security. To protect your institution from hackers, you need a comprehensive IT security solution from an IT security provider that specializes in working with educational institutions.
Don't wait till it's too late. Get in touch to see how Ntiva can help enhance your data security and protect your institution from cybercriminals.