As cyber security threats continue to grow at a steady pace, an alarming trend is forming within the education sector. Colleges and universities are emerging as the trending target for information thieves and hackers. Recent studies show that the education sector is now the third most targeted field for hackers, behind only healthcare and finance/banking.
Why are universities becoming such an appealing target for hackers?
- Big universities can have tens of thousands of students enrolled at any given moment. With one breach, hackers can access information for a significant amount of people.
- Universities are responsible for several types of private and sensitive information they must store on behalf of their students. This includes transcripts, financial records, and even medical files.
- Financial information about an individual student’s family can also be accessed, as many students must provide this information to apply for financial aid.
- Many universities have on-campus hospitals or clinics that act as teaching resources for medical students. In addition to student files, the universities must store data about the patients being treated. This information will also be susceptible to loss if a breach occurs.
- Perhaps the biggest reason- universities are recipients of major grants and research stipends. Many universities hold their own patents, and have developed advances in many fields ranging from engineering to pharmaceuticals. If a breach occurred, hackers could gain access to proprietary research and information and use it for personal monetary gain at the cost of the university.
The biggest challenges universities face when it comes to dealing with these threats is the sheer number of students and staff on campus. Many of these students and staff come and go, so it is difficult to track a breach when it occurs.
Universities should be incorporating the following procedures in order to mitigate the risk of losing sensitive information:
- Install proper cyber and physical security protocols- make sure all firewall, antivirus, and any other security measures are in place and up to date.
- Conduct routine risk assessments to test strength of security in place to determine potential vulnerabilities.
- Protect important data and research on encrypted drives.
- If using cloud based storage services to store proprietary information, ensure that they are encrypted and compliant with necessary laws, e.g. cloud based storage services offering storage solutions to medical entities often offer a HIPAA-compliant version.
- Maintain strong compliance departments to ensure that FERPA laws and regulations are being met with and upheld
- Ensure that HIPAA compliance staff is also in place to manage and protect patient information.
- Educate students, staff, and faculty about cybersecurity. It is essential to educate as many people on campus as possible and make them aware about cyber threats so they prepare themselves and their devices. This can add an extra layer of protection between hackers and the academic institution they are targeting.
Universities already face many challenges today - balancing multimillion dollar budgets, attracting and recruiting students, competing for academic standing. However, they should not take the threat of cyber-attacks lightly. Even a slight breach of information can result in serious financial penalty, in addition to reputational loss. The combination of financial data, medical records, and proprietary files makes universities an ideal an appealing target for hackers. It is crucial that they take measures to anticipate and respond to this threat.
By Anirudh Nadkarni.