Cyberattacks have been surging over the last few years, and hackers make no exceptions about who they target. Government organizations, prominent companies, and even hospitals have fallen victim to attacks.
The sector that saw the most significant rise in cyberattacks was education and research. In 2021, there were 1605 attacks per organization each week, a substantial increase from the years before.
This article will look at why hackers are targeting colleges at an alarming rate. It will also provide tips for students and college staff on minimizing risk and protecting their data.
Why Do Hackers Target Colleges?
Hackers perform attacks because they want to steal data. The more valuable the data is, the more is in it for them. Colleges and other educational institutions are loaded with valuable data from
- student information,
- research activities,
- partnerships, etc.
The research these colleges conduct can hold valuable information about a nation’s military, societal, or developmental plans. Student data held in colleges goes well beyond names and birthdates. It also includes personally identifiable information (PII) such as:
- social security numbers,
- passport information,
- credit scores,
- banking/loan information,
- healthcare data.
Another reason why hackers love targeting colleges is that they’re still not secure enough. Educational institutions operate on limited budgets, and they rarely use these budgets to bolster cybersecurity. This is problematic considering the number of devices each college hosts, with multiple potential breaching points.
Students are also often easy targets. Each year, there are thousands of new students that are inexperienced with cybercrime and make for easy targets.
As colleges were forced to move a large portion of their operations online in the last few years, the threat became even greater.
Tips for Students, Staff, and Faculty
To protect against this great threat, everyone from students to faculty to staff has to be involved in making their cyber-environment safer. It can start from something as simple as distributing cyber best practice handbooks to network users.
But in the long run, that won’t be enough. An in-depth stance and approach toward cybersecurity is needed for colleges to stand a chance against this great threat.
Here are some tips and best practices that colleges can implement to protect against cyberattacks:
As previously stated, increasing cyber-awareness across the institution should be a top priority. Nearly half of all data breaches in the education sector come from phishing attacks. This fact screams “poor awareness,” as cyber-aware individuals are usually quick to detect phishing attempts.
Training faculties, whether it’s through simple handbooks or in-depth video tutorials, is the first step toward increasing cyber-awareness and resilience.
Not everyone needs to receive in-depth training, but staff in frontline roles such as network managers definitely should. Since education is their specialty, colleges could also develop quick cyber-training courses for students.
Good Credential Hygiene
With the sheer amount of devices present on college campuses, staff and students rarely do enough to protect them with strong passwords. An unprotected device means that anyone, whether a student or a threat actor, can physically access it and do damage.
There have been instances where hackers would walk into campus and inject computers with harmful USB drives.
Faculties should encourage students and staff to practice good password hygiene. They could provide them with a password manager to easily store and generate strong passwords.
Consider Building a Security Team
Larger colleges that are heavily involved in critical research and have large student pools could even consider building a security team.
Hiring a CISO (Chief Information Security Officer) is the first step toward building a solid cybersecurity team. The CISO will be responsible for staffing the team and ensuring that the organization is well-positioned to withstand attacks.
Smaller colleges can opt for hiring a part-time CISO that will overlook internal policies and procedures.
Review Vendor Relationships
Colleges cooperate with many third-party vendors for various services. As part of the cooperation, they share large amounts of information. Colleges can’t function without these relationships. Still, they should take a more proactive approach to assess the security stance of those they cooperate with.
Colleges have to vet vendors before signing agreements and granting them access to information. These agreements should include a vow to protect sensitive student data.
Network Access Control (NAC)
One of the major security problems for colleges is that students often bring their personal devices and use them to connect to the college network. Many of these devices are poorly protected and increase the vulnerability of the entire network.
By installing a NAC appliance, colleges can protect their networks by ensuring that all devices that try to connect to them meet security standards. The NAC will analyze devices and ensure they have the latest antivirus and operating system versions. If they don’t, they will be sent to the appropriate websites to install the necessary updates.
Colleges are on the frontline of cybercrime. They hold an immense amount of valuable data that hackers find appealing, such as staff and student information, state or privately-sponsored research, etc.
What’s more, colleges are usually poorly positioned to protect themselves from attacks. They’re often understaffed and lack the cyber-awareness to react.
By following some of the tips laid out in this article, students, staff, and faculty leaders can significantly improve their security posture and ensure the safety of their data. Cyber-awareness training is particularly important in boosting the security posture.