Colleges and Universities are Prime Cyber Attack Targets

Cutting-edge research has made Higher Education a prime target.

Colleges and Universities hold employee and student personal and financial information, confidential data such as medical records, and commercially desirable research. That data, combined with the cultural openness of higher education, has made them prime targets.

The type of attacker has also changed significantly. Lone-wolf hackers creating nuisance viruses have been replaced by sophisticated foreign governments and organized crime rings.

Higher Education is particularly hard to protect because, in contrast to corporate networks, higher education computer networks must allow more open access for employees and students.


Attack Threats

  • Research:
    Expensive, cutting-edge research is a prime target.
  • Phishing:
    Using social engineering to trick someone into giving out usernames, passwords, bank account numbers or other sensitive information.
  • Spear phishing:
    Advanced phishing that uses Facebook, LinkedIn or other means to gather specific information on an individual in order to create an email tailored to them.
  • Operating systems and software that are not updated.
  • Using a University’s powerful computers to launch even bigger attacks or to send out phishing or spam emails.
  • Hardware:
    All types of tablets and cell phones connect to systems that have no control over the devices' software updates. Cell phones are the least secure devices, and “jailbreaking” them makes them even less secure.

Possible Solutions

  • Educating all employees and students:
    Most attacks are now carried out through social engineering. You are the target!
  • Strong passwords:
    This cannot be emphasized enough. Passwords are the gateway to the University systems.
  • Multi-layer security:
    Firewalls, anti-virus, and anti-malware software.
  • Encryption:
    Encryption makes your data unreadable without a key. The most sensitive data especially needs to be protected.
  • Multi-factor authentication:
    Also known as two-factor authentication, this is an extra layer of security for your account that requires something you know (a username and password) and something you have (a code sent to your phone).
  • Backup data:
    If you are attacked by ransomware, a backup is the only way to get data back without paying the ransom, and paying the ransom does not guarantee access to the data.
  • Limit which employees can access sensitive data.