Colleges and universities are taking a hard look at the past year and the many data challenges they’ve faced amidst the COVID-19 pandemic. From phishing campaigns to ransomware attacks, the increased numbers of employees and students working and studying from home has greatly increased security risks for institutions of all sizes.
The 2018 Education Cybersecurity Report shows that the U.S. education systems rank last amongst U.S. industries for cybersecurity, and with colleges and universities holding personally identifiable information (PII), and financial and health records for many of those affiliated with the institution, this should not be the case. Additionally, many universities offer email for life for its faculty and alumni, creating a large attack surface for bad actors.
Higher institutions will dedicate just 3.6 percent of their IT budgets to information security. Combining poor security, a large attack surface, treasure troves of data and no real investment to change makes universities and colleges prime candidates for a cyberattack.
Below are three simple, yet effective, initiatives colleges and universities can take to improve their cybersecurity posture.
1. Train faculty and students—not just now, but frequently. New threats and attack vectors are constantly being introduced into the wild and it’s imperative that students and faculty are aware of the various types of cyber threats. Cybersecurity training is a constant, and it should be performed regularly for faculty, students, employees and third parties who have access to university or college resources.
Training must not only be provided but training compliance must be enforced and prioritized as it is often the most effective defense. For students, this could be mean registration holds for each semester they are active until training is completed. Further, training should be part of the annual review process for employees or locking of accounts until compliance is achieved. Finally, third parties should have access revoked until training is successfully completed.