Universities are fully embracing digital change, notably through online learning, immersive teaching experiences, student management applications, and centralized communication platforms.
But while technology can offer tremendous benefits such as speed and efficiency, reliance on software also comes with downsides from a cybersecurity standpoint.
Hence education providers typically become more vulnerable as they start working with more IT systems and technology partners. Schools collect and accumulate lots of private information about students, alumni, and teachers, and store it across dispersed channels and databases — each of which represents exploitable entry points for hackers and creates room for confusion and mistakes.
So what happens next when things go wrong and educational institutions become the victim of cyber attacks and data loss? Let’s take a look at the potential risks and damages considering recent news stories and discussing how to mitigate and prevent breaches and technology misuses.
A letter of acceptance accidentally sent to the wrong recipients
How frustrating can it be to believe you have been accepted to the school of your choice just to find out that it wasn’t real? That’s precisely what 277 applicants went through after accidentally receiving an acceptance letter from Columbia University before being rejected an hour later. Similar stories have taken place in other educational institutions, in part because senders did not check whether the email list generated by their application was correct.
Leaking of personal data due to misconfigured permissions
When misused, file-sharing platforms represent another potential cybersecurity danger. In fact, Standford University was impacted by three separate data breaches caused by misconfigured permissions for files containing the personal information — employment details, financial and disciplinary data, and student sexual assault reports — of more than 10,000 individuals. The incident resulted in a cascade of severe repercussions for Stanford, among which the resignation of its chief digital officer.
Employees misled by phishing scams
It is easy to fall for a malicious scam when cybercriminals convincingly act out as a reliable source. That’s how hackers managed to deceive one or more of University of Alaska’s employees with a malicious attachment and gained access to the data of approximately 25,000 students and staff members. The establishment had no choice but to register potential victims to an ID theft insurance program.
Forced to pay a ransom to recover data
Technology often provides hackers with the upper hand. The University of Calgary learned this the hard way after being the target of a ransomware attack that encrypted the organization’s email servers. This led to the malfunction of computer systems and almost paralyzed operations for 10 days. The administration gave in after that period, paying the ransom of CAD 20,000 in exchange for the decryption key that unblocked the server.
Hacking of a third-party provider
Another crafty tactic cybercriminals have up their sleeve is attacking suppliers with a less secure IT environment, as it happened to the Clemson Alumni Association and its third-party vendor. Hackers succeeded in accessing the external system used by the association for email communications and drafted and sent a fraudulent email to subscribers.
How Schools Can Protect Data and IT Systems
All these incidents showcase the importance of proactively preventing and dealing with cybersecurity incidents and technology misuses. Here are several best practices which universities can follow to stay safe.
Educate students, teachers, and employees
Sometimes all it takes to avoid data breaches is a better understanding of the common attacks and human errors linked to the use of technology. Universities can start an awareness campaign and develop training programs so all users know what fraud and mistakes could look like to spot and stop hackers, scammers, and mispractices.
Implement effective security policies
Bearing in mind where humans and technology collide, education providers can develop security guidelines for students, teachers, and administrative employees. These may include requirements regarding passwords and the use of applications containing highly sensitive data — potentially with two-factor authentication and advanced permission settings.
Work with prevention and detection technology
As much as IT systems can lead to external attacks and human errors, they also play a crucial role in facilitating cybersecurity. Some applications are designed explicitly to flag dangers and prevent data loss — e.g., detecting spoofed email addresses, scanning for malicious attachments and sensitive information, and managing devices centrally with remote wipe capabilities.
Pay attention to third parties
Hackers think outside of the box and may go the long way to steal an organization’s valuable information. For that reason, it is necessary to secure both internal and external systems. Schools must assess whether vendors meet the highest standards in cybersecurity as well as thinking about which data to share with technology partners.
While technology can support universities’ day-to-day operations, there are instances where reliance on IT systems can fire back and lead to human errors, cyber attacks, and data breaches. To counteract this, education providers can incorporate cybersecurity best practices into their operations through security awareness, policies, and applications.
