Check the news today and you’ll probably see a story about a data breach involving a corporation, healthcare organization, or government agency. But the industry that’s not receiving much fanfare, yet is extremely susceptible to attacks, is the education sector.
Data breaches in education are on the rise, and have more than doubled in just a few years, from 58 in 2015, to 127 in 2017. If those numbers seem small, remember that just one breach can involve hundreds of thousands of records; in fact, the EDUCAUSE Center for Analysis and Research reveals that approximately 15.5 million records have been exposed since 2005, with breaches occurring everywhere from small community colleges to some of the nation’s most prestigious universities, including Harvard. So, what is it that makes the education sector such an appealing target?
6 Reasons Hackers Target Colleges and Universities
1. Students have clean credit and rarely check their report.
Freshmen (and many other college students) typically have a clean credit record, which is a gold mine for thieves. Plus, students are unlikely to check their credit report during college, giving hackers years to operate unnoticed.
2. There is a wealth of valuable information.
The more information a hacker can obtain, the more money they can get on the dark web. And universities have a ton of it, including the names, addresses, phone numbers, date of birth, driver’s license and social security numbers, financial information, and medical histories of students and faculty. That’s not all; many universities have government-funded research facilities that may provide intellectual property, or scientific insights that could have high street value.
3. Security is often not very tight.
Colleges and universities are focused on controlling costs in order to keep tuition low and attract new students; and let’s face it, when students are researching potential schools, they’re probably not making their decision based upon a school’s online security. In turn, colleges and universities do not prioritize it.
4. Different systems for different departments.
Many campuses use different software across departments; the school of business, for example, may operate on a completely different software than the school of engineering. Diverse systems can be difficult to monitor and manage, allowing for network oversights, delays in applying patches, and slow reactions to security incidents.
5. There are fresh faces every year.
The population of a university changes every year. New students come in, old students go out. New faculty is hired, old faculty retires. That means there are a lot of people at any given time, completely unfamiliar with online policy and procedure who can easily fall prey to hackers.
6. Network use is extremely high.
Students spend a lot of time online, whether working or socializing. All of that network traffic and Wi-Fi usage makes it easy for hackers to make their way in through a vulnerability in a device.
How Universities Can Fight Back
First and foremost, students and staff need to be educated on cyber-crime. All incoming students should be required to take a one-credit course on some of the biggest threats they face, such as hacking via stolen credentials, email phishing, social media, and malware. They need to know how to recognize these threats, and protect themselves against them. But humans make mistakes (and students skip classes). So, universities need to follow best practices, including the use of content scanners, antivirus software, regular updates, daily backups, and patch management.
Of course, the very nature of colleges and universities can make a secure campus difficult to achieve. That’s why bringing in a third-party provider may be the best option. A third-party provider can help evaluate current systems of security and manage security issues; there are also many non-security benefits a provider can offer. DSM, Florida’s predictable cloud provider, can help keep your students and staff protected; we’ve worked with Florida Southern College and other Sunshine State educational institutions, and we’d like to help you too. Contact one of our IT experts today to learn more.