With the digitization of education becoming more prominent than ever, it is imperative that higher education institutions prioritize information security. Universities and colleges are frequently the targets of cyber-attacks and so taking the necessary precautions to protect students, faculty, and administration requires immediate attention.
Greg Flanik, Chief Information Officer at Baldwin Wallace University shared his expertise of more than 21 years of experience in information technology (IT) and business alignment at Fierce Education’s recent Connected Campus virtual event, urging higher education institutions to take action to ensure cyber safety. The postsecondary education and research industry is seen as the prime target in cyberspace making up nearly 75% of all cyber-attacks, he said. You can view his presentation on demand here.
Since insurance companies consider cyber risk a liability and compliance requirements are growing exponentially, higher education institutions must treat cyber risk and its mitigation strategy like any other business risk. Flanik stresses that individuals at every level of the education system, from leaders to faculty to students, should be well equipped and trained in recognizing and handling cyber security issues. Individuals should be familiar with the most common cyber-attacks including: phishing, malware, compromised credentials, denial of service, malicious insiders, mis-configuration, missing or poor encryption, and web attacks.
Flanik shared that the top ways to protect your institutions are to:
- Increase security awareness and implement skills training among staff and students
- Manage who has access to what information
- Secure configurations of enterprise assets and software, encrypting sensitive data
In a cyber-attack, there are different kinds of data that could become compromised. Personal data is most often under siege (63%) as well as credentials (41%) such as login information and passwords, according to the most recent Verizon Data Breach Investigation Report. Ninety five percent of cyber attacks are motivated by potential financial gain, so encrypting sensitive data is imperative.
A new risk on the horizon is data extortion, which has increased by 82% in the past year. Data extortion is when sensitive information is stolen; this act is sometimes coupled with ransomware, where payment is demanded in exchange for the promise that the data will remain private. This sort of threat is usually external (95%) but occasionally (5%) the threat comes from inside the organization. Therefore, to help assess your cyber security, the following questions should be considered:
- Are there any MS Access Databases with sensitive information?
- What information is on the department share drive? Excel sheets with PII?
- What information is stored on institution laptops, OneDrive/Google Drive, and other storage areas?
- Is sensitive information sent via email?
- Are cellular devices used to access College/University email and is a PIN required to unlock it?
- Is encryption turned on in case the device is lost or stolen?
As colleges and universities continue to invest in digital connectivity and infrastructure, the risk is heightened for malicious hackers and/or cyber attacks. Higher education institutions need to ensure that student, faculty and administration data remains secure. Mandating training, encrypting data, and managing control access are effective and proactive methods to safeguard cyber security.