Cyber Security

Top 5 cyber threats and how to protect your university

Here's how to stay on top of unsecured wi-fi, phishing attempts, and more

Higher-ed IT security professionals have their hands full contending with the various cyber threats coming their way, such as hackers using malware to compromise and take over crucial systems. With the vast amounts of private data that they gather, store, and analyze, higher ed institutions are a prime target for these kinds of attacks. Here are the top 5 cyber threats now jeopardizing higher education and what steps you can take to protect your university today.

1. Unsecured Wi-fi
Students and faculty will connect to the internet via Wi-fi, sometimes without caring whether their connection is protected. This is particularly an issue when members of the public have access to the network, which is common in higher-education environments.

As unwitting users provide their login credentials, criminals eavesdropping on these unsecured Wi-fi networks capture their passwords, which can then be used to take over their device.

If users rely on the same password for different accounts, criminals have even more access points to illegally log in. A report from Educause recommends that employees and students should receive proper training in avoiding dubious Wi-fi connections. They should also have access to two-factor identification as well as virtual private networks to protect their credentials from intruders.

(Next page: More cyber dangers and how to handle them)

2. Networked printers
Printers may seem like a simple, innocuous device, but they can often be a weak link in your institution’s network. The convenience of networking printers is offset by the danger they pose when deployed with their default settings still intact.

To combat this, your IT team should emphasize the use of stronger passwords in any networked equipment. Printers with wireless capability typically store data. Instruct your users to set their printers to automatically erase this data after printing. If they can justify leaving the information in memory, have them encrypt the data to prevent hackers from stealing it. When networked printers are set up in areas open to a lot of foot traffic, consider requiring users to enter a PIN before using them. Do not let their desire to freely share data with one another compromise these networked devices.

3. Lax security in cloud computing setups
The benefits of cloud computing to higher education are numerous, but it brings with it its own set of difficulties to overcome in terms of cybersecurity. With approximately 81 percent of higher-education IT leaders planning to increase their cloud spending, it’s clear that cloud adoption is growing. Therefore, bolstering your institution’s cloud security is paramount to ensuring that your users’ data is secure.

When it comes to cloud-computing access, you can reduce security worries by limiting the use of BYOD devices. Although this is becoming less practical, it can help alleviate the extra headaches involved in verifying that devices are suitably secure. Also, consider requiring two-factor identification for accessing university cloud systems.

4. Personal devices left unprotected
Cyber criminals will scan for smartwatches wirelessly linked to smartphones to FitBit-style devices storing exercise details to ordinary tablets and laptops and take advantage of the ones that have little or zero protection. Newer threats can come from individuals failing to secure their Internet of Things devices as well.

You’ll want to address these risks by mandating that your users receive training on how to safeguard their equipment with robust passphrases and on the importance of changing these passphrases on a regular basis. Your outreach efforts (email reminders, security policy memos, etc.) should explain the risk of data theft when devices are unsecured. Encourage users to download the latest operating-system updates (especially when the change is primarily for security concerns).

5. Phishing attempts
In higher ed, where sharing knowledge with peers is a way of life, open and convenient communication is essential. Unfortunately, it can also lead to weaknesses that cyber criminals love to exploit. One of the most difficult threats to staff is phishing attacks against your users.

Phishing involves criminals sending a fraudulent email that looks like it’s coming from a legitimate source. This is designed to get unsuspecting recipients to trust the message and click on a link that looks like it’s from, for example, their financial institution. The result could range from identity theft of your faculty, administrators, or students to their vital data being locked up with ransomware until the ransom is paid.

More steps to take
To help you address sophisticated and coordinated cyber threats that come on suddenly, it’s a good idea to set up a rapid response team. You and your team should meet regularly to rehearse how you will respond to rapidly unfolding events, such as a massive ransomware attack that follows advanced phishing exploits targeting your students, faculty, and administrators.

In addition to implementing advanced encryption and educating users on cybersecurity policy, setting up an incident response plan can help reduce the cost of a breach. In particular, “an incident response team can decrease the average cost of a data breach from $217 to $193.20.” Kroll, Inc., reported that a formal response team for cyber incidents can lower the average cost of breaches by as much as $17 per record.

With so many points of access and methods for cyber criminals to infiltrate your university’s computer systems, you have to remain vigilant, testing for weaknesses and staying on top of security best practices. This is a lot of information to keep up with, and chances are you could benefit by consulting with a trusted peer who has gone through similar cybersecurity issues.

[Editor’s note: This article was originally published on the Optimal Partners blog.].