As digital technology continues to develop and permeate every aspect of our daily lives, the consequences of this interconnectivity are amplified—both positively and negatively. For instance, the ability to store increasing volumes of information online provides huge accessibility advantages in terms of speed, convenience and location. Unfortunately, this online advantage can also turn educational institutions into prime targets for hackers.
Whilst a combination of costly, high-profile data breaches and upcoming legislation around data protection has led to growing awareness around data security risks for business, fewer people are aware that higher education institutions are at a particularly high risk. In fact, according to the 2016 Internet Security Threats Report, the education sector is now one of the most popular targets for cybercrime. But why are these institutions such a desirable target for hackers?
Higher education is overflowing with data
Students are not the only people who can learn a lot from universities and colleges. The sheer range of data stored across institutional networks is one of the main reasons why access is coveted by cyber criminals—from payment systems storing credit card details to health-care databases containing confidential patient information and valuable intellectual property developed by research departments. Moreover, students are an attractive target because they can unwittingly carry malware into the network.
In addition to the sheer quantity of lucrative information available, barriers to network entry in higher education are often weaker than in other kinds of organisations. This is often because of the number of people who require regular access to various types of information, in turn forcing IT departments to prioritise accessibility over security. These issues are compounded by a laissez-faire attitude to security from students, either through a lack of guidance on data security or general carelessness. A perspective like this in business would almost guarantee a breach.
The stakes are high
Not only is higher education a prime target for data breaches, it is also one of the costliest sectors for institutions that suffer one. The Ponemon Institute estimates that the average cost per record of an education breach can be as high as £205 ($300). Needless to say, financial losses on this scale have serious consequences (especially when state funding is being squeezed), along with the reputational damage that comes from a high-profile breach.
So how can IT departments best protect their college or university against online threats? First and foremost, they must adopt an enterprise approach to security and stop ad hoc approaches. This involves shoring up the first line of defence by implementing a robust identity access management lifecycle program, coupled with strong anti-virus (AV) tools. It also means ensuring that sensitive data is encrypted both in transit between devices and wherever it resides, whether that be on-premise, on a laptop’s hard drive, or in the cloud.
Minimise the risk
Whilst a strong first line of defence is important, perhaps the most significant data protection challenge facing IT is the number of entry points that allow access to higher education networks. Rather than accessing information from a centralised location such as a data centre, students often store data and access networks through endpoint devices such as laptops and tablets.
This sheer number of entry points to a university network means that a breach is almost inevitable at some stage, whether a result of human error or malicious activity. Therefore, the focus of IT should be on minimising the risk and frequency of such events. One way to do this is to implement multi-factor authentication, which requires authorisation from more than one device when accessing the network. This prevents anyone from logging in with a single set of compromised details.
Also, as professionals operating in this sector are undoubtedly aware, education goes a long way. Implementing a clear data security policy and ensuring that it is clearly communicated to students and faculty can reduce the chances of a breach due to basic mistakes.
Mitigate the consequences
Assuming the worst does happen and an institution suffers a data breach, IT departments will need to undertake damage limitation procedures. The first of these is to identify the source of a breach as quickly as possible. Implementing a modern endpoint backup tool can be invaluable because it provides IT with visibility across all information on the network, wherever it is stored or accessed. Using this information, IT professionals can act quickly to neutralise a potential threat.
Another important aspect of having a modern endpoint backup solution in place is that it ensures business and education continuity. Hackers can employ ransomware to encrypt the information stored on a network and demand a fee or ‘ransom’ for its return. In the meantime, activity is brought to a grinding halt, with severe consequences for productivity. For students studying for important exams or facing essay deadlines in particular, this can cause chaos.
However, by ensuring that data is continuously and comprehensively backed up, organisations are able to regain access in minutes. Not only does this remove the need to pay a ransom, it also means that activity can continue as usual. So whilst higher education may be viewed as a ‘Golden Goose’ for hackers, taking these simple steps could mean preventing them from gaining access to any ‘Golden Eggs.’
Rick Orloff is CSO at Code42