Higher Ed IT security professionals have their hands full contending with the various cyber threats coming their way, such as hackers using malware to compromise and take over crucial systems. With the vast amounts of private data that they gather, store, and analyze, Higher Ed institutions are a prime target for these kinds of attacks. Here are the top 5 cyber threats now jeopardizing higher education and what steps you can take to protect your university today.
1. Unsecured Wifi
Students and faculty will connect to the Internet via Wifi, sometimes without caring whether their connection is protected. This is particularly an issue when members of the public have access to the network, which is common in higher education environments.
As unwitting users provide their login credentials, criminals eavesdropping on these unsecured Wifi networks capture their passwords, which can then be used to take over their device.
If users rely on the same password for different accounts, criminals have even more access points to illegally log in. A report from Educause recommends that employees and students should receive proper training in avoiding dubious Wifi connections. They should also have access to two-factor identification as well as virtual private networks to protect their credentials from intruders.
2. Networked Printers
A printer may seem like a simple, innocuous device, but they can often be a weak link in your institution’s network. The convenience of networking printers is offset by the danger they pose when deployed with their default settings still intact.
When networked printers are set up in areas open to a lot of foot traffic, consider requiring users to enter a PIN before using them.
To combat this, your IT team should emphasize the use of stronger passwords in any networked equipment. Printers with wireless capability typically store data. Instruct your users to set their printers to automatically erase this data after printing. If they can justify leaving the information in memory, have them encrypt the data to prevent hackers from stealing it. When networked printers are set up in areas open to a lot of foot traffic, consider requiring users to enter a PIN before using them. Do not let their desire to freely share data with one another compromise these networked devices.
3. Lax Security in Cloud Computing Setups
The benefits of cloud computing to higher education are numerous, but it brings with it its own set of difficulties to overcome in terms of cybersecurity. With approximately 81% of higher education IT leaders planning to increase their cloud spending, according to EdTech Magazine, it’s clear that cloud adoption is growing. Therefore, bolstering your institution’s cloud security is paramount to ensuring that your users’ data is secure.
When it comes to cloud computing access, you can reduce security worries by limiting the use of BYOD devices. Although this is becoming less practical, it can help alleviate the extra headaches involved in verifying that devices are suitably secure. Also, consider requiring two-factor identification for accessing university cloud systems.
4. Personal Devices Left Unprotected
In the university environment, you can count on a great number of devices being left unprotected by their owners. They may not understand the security issues or find themselves too busy to learn about them, let alone deploy the necessary protection.
From smartwatches wirelessly linked to smartphones, to FitBit-style devices storing exercise details of the user to ordinary tablets and laptops, cyber criminals will scan for these devices and take advantage of the ones that have little or zero protection. Newer threats can come from individuals failing to secure their Internet of Things devices as well.
Your outreach efforts should explain the risk of data theft when devices are unsecured.
You’ll want to address these risks by mandating that your users receive training on how to safeguard their equipment with robust passphrases and on the importance of changing these passphrases on a regular basis. Your outreach efforts (email reminders, security policy memos, etc.) should explain the risk of data theft when devices are unsecured. Encourage users to download the latest updates to the operating systems of their devices (especially when the change is primarily for security concerns).
5. Phishing Attempts
In Higher Ed, where sharing knowledge with peers is a way of life, open and convenient communication is essential. Unfortunately, it can also lead to weaknesses that cyber criminals love to exploit. One of the most difficult threats to staff off is phishing attacks against your users.
Phishing involves criminals sending a fraudulent email that looks like it’s coming from a legitimate source. This is designed to get unsuspecting recipients to trust the message and click on a link that looks like it’s from, for example, their financial institution. The result could range from identity theft of your faculty, administrators or students to their vital data being locked up with ransomware until the ransom is paid.
To help you address sophisticated and coordinated cyber threats that come on suddenly, it’s a good idea for you to set up a rapid response team in advance. You and your team should meet on a regular basis to rehearse how you will respond to rapidly unfolding events, such as a massive ransomware attack that follows advanced phishing exploits targeting your students, faculty, and administrators.
In addition to implementing advanced encryption and educating users on cyber security policy, setting up an incident response plan “can help reduce the cost of a breach,” noted a report from University Business. In particular, “an incident response team can decrease the average cost of a data breach from $217 to $193.20.” It also noted that Kroll, Inc. reported that a formal response team for cyber incidents can lower the average cost of breaches by as much as $17 per record.
With so many points of access and methods for cyber criminals to infiltrate your university’s computer systems, you have to remain vigilant, testing for weaknesses and staying on top of security best practices. This is a lot of information to keep up with, and chances are you could benefit by consulting with a trusted peer who has gone through similar cyber security issues. If you have any questions, send us a request today.
Avoid costly mistakes and wasted time – talk to an impartial peer in Higher Ed!
There is nothing like speaking with a peer who has implemented the same product – send us a request.
You can also provide general feedback, inquire about additional free resources, submit a topic you’d like us to cover, tell us about a feature you’d like to see, or request the best staff for your project.