Cyber attacks on colleges and universities are on the rise, and higher education institutions are not yet prepared to meet this growing threat. According to Security Scorecard‘s 2018 Education Cybersecurity Report, the education sector comes in last among 17 US industries when it comes to total cybersecurity.
How can colleges and universities ensure better cybersecurity in higher education? Here’s a look at the threats schools face and some tips on how to bolster the defenses.
Cybersecurity in higher education faces major threats
Like businesses, many colleges and universities are digitally transforming formerly analog processes, from admissions databases to online learning systems. As they do so, they are collecting large quantities of personal identifying information (PII) such as student names, addresses, and social security numbers. They may also gather and store financial information, medical records, research studies, and test scores—in short, a vast range of sensitive data that can be accessed across multiple endpoints. If that data is breached or stolen, schools could suffer serious consequences.
Malicious actors are hip to this trend, of course, and they are now targeting the education sector. As EDUCAUSE‘s Information Security Almanac for April 2019 notes, the top rated information security threat that colleges and universities report, by far, is the exposure of confidential or sensitive information (79 percent). The next highest concern—mail viruses, ransomware, or other malware—comes in at only 31 percent.
How data breaches could hurt colleges and universities
Why are colleges and universities so worried about breaches? They are incredibly costly and can rapidly escalate into public relations disasters. As Inside Higher Ed reports, after the admissions databases at Grinnell, Oberlin, and Hamilton colleges were breached in 2019, applicants were alarmed to receive emails inviting them to purchase their entire admissions files, complete with juicy details on how admissions officers scored their applications and whether they were on the fence about admitting them. Needless to say, prospective students might seriously reconsider enrolling if they received such an email, which would deliver a direct hit to the school’s bottom line.
Concerned donors who wonder whether their donations are being properly invested might even reconsider their gifts in the event of a breach. And since student data eventually becomes alumni data, alumni could bring significant pressure to bear on the institution as well.
Tips for better security implementation
So how can higher education institutions address gaps in their security and better protect student privacy? As EdTech Magazine points out, schools should conduct a security risk assessment to understand the unique risks they face. It’s a good idea to review information security policies (especially with respect to identity and access management) to ensure that individual users aren’t able to access systems or data beyond their purview.
Layered security implementation across your campus network is also a must. That way, a malicious actor will find it that much harder to sneak in via an endpoint and tap into the heaps of sensitive data within. One way to accomplish this with lean resources is strengthening your print security with advanced printers that automatically detect security incidents, issue a timely heads up to the campus IT team, and self-heal. With built-in defense at the device level, hackers will come up against a firmly slammed door.
Managed print services add another layer to your campus defenses and bolster data security by encrypting documents as they travel to office printers so they’re shielded from prying eyes. Pull printing features ensure that only authorized users are able to claim documents at printers with proper identification, such as a PIN code or a smart card. Partnering with an experienced MPS provider can help you assess and improve the security of your current print environment and identify cost-saving opportunities at the same time.
Don’t forget the human element
The security breaches involving the admissions databases at Grinnell, Oberlin, and Hamilton colleges began with unauthorized password resets executed on staff accounts, so it’s wise to offer comprehensive security awareness training for students, faculty, and staff. This is especially true for anyone who handles sensitive data, as any security lapses on their part could have a proportionally greater impact on the school. And with students using a variety of devices to access campus resources on potentially unsecured Wi-Fi networks, even seemingly innocuous use of key systems could open the door to a breach.
Cyber attackers are increasingly targeting colleges and universities, hoping to pillage their valuable data. Higher education institutions that understand this growing threat now rate it as their top information security concern. By conducting a risk assessment, implementing multilayered defenses, and educating the campus community on best practices, higher-ed IT pros can help keep private information safe and secure.