August 3, 2022

Protecting Universities from Cyberattacks as Students Head Back for the Fall

Protecting Universities from Cyberattacks as Students Head Back for the Fall

As students begin the process of heading back to college for fall, schools need to get proactive about protecting their students and faculty from the dangers of cyberattacks. Cyberattacks on universities have increased exponentially since 2020 with a peak in spring when classes moved online because of COVID 19. It is still a relevant problem in 2022 because ninety two percent of higher education institutes reported breaches or attacks in the past year.

The biggest threat from these cyberattacks is ransomware. These attacks cost the institutions millions of dollars in downtime and ransom money so that they could get their data unlocked by the hackers that orchestrated the attack. Cyber criminals target universities because of the large amount of employee and student information they hold. The FBI has even recognized ransomware as one of the major cyber threats to universities.  

This data often contains sensitive information such as medical records and financial information of students and staff. Some attackers have even successfully used ransomware to gain access to intellectual property of medicine and engineering information. In 2021, the University of California ended up paying a ransom of one million dollars to regain access to data the hackers had locked from the school of medicine. Tekscape is a national managed service provider of IT that specializes in cybersecurity. One of the industries we work with is education and today we are going to talk about protecting universities from cyberattacks.

Common Cyberattack Types at Education Institutions

• Phishing - Using social engineering to trick someone into giving out usernames, passwords, bank account numbers or other sensitive information.

• Spear phishing – Advanced phishing using Facebook, LinkedIn or other means to get specific information on an individual to create an email that is specific for them.

• Operating systems and software that are not updated - Using a university’s powerful computers to launch even bigger attacks or to send out phishing or spam emails.

• Hardware – All types of tablets and cell phones are connecting to systems with no control over their software updates. Cell phones are one of the least secure devices.

“It is more economically feasible to spend $1 million than potentially $10 million to retrieve the data.”

Adam Hardi - Higher education senior analyst at Moody’s Investors Service

Protecting Universities from Cyberattacks

Perform a cybersecurity risk assessment before students and staff head back and reassess at regular intervals. Initiative-taking is the easiest way to prevent a cybersecurity attack before it happens. Before your staff and students head back for the fall semester, schedule a penetration test and a risk assessment so you can know where the gaps are that cybercriminals will exploit. Both assessments will point out the vulnerabilities in your school’s data center and network. These assessments can be performed by an internal IT team but using a third-party organization is better because it comes with specialty trained technicians.

Have a cybersecurity incident response plan ready.

No cyber threat mitigation plan is one hundred percent effective, therefore it is important to have an incident response plan in place in case of an occurrence. Your plan should start with selecting the right person that should be notified in case of an incident. Once that person is selected, a plan should be made as to how your school will respond to that attack. The plan that you create should be tailored to your specific needs and address preparation, detection, analysis, containment, eradication, and recovery. If there is not a person or department at the facility who feels comfortable with executing this plan, a managed service provider is your next best option.

Make sure your faculty and students are aware of the dangers of cyberattacks.

Awareness training is an easy way to help staff and students spot the things that allow ransomware and malware to infiltrate data. Most of these attacks come from users clicking links in phishing emails. Phishing is a web-based scam where cyber criminals send communications that appear to be from a legitimate organization that asks the user to provide sensitive information. These scams are often marked with urgency so that the victim will provide the information quickly. When your staff and students undergo cyber awareness training, they will learn how to spot these emails before a breach occurs.

Tighten accessibility to school networks.

Schools must keep track of who has access to their network. Validating all user credentials on a regular basis can help with this and will tighten security. Without user security, hackers can use authenticated profiles to access data and steal information. A straightforward way to do this is to enable two factor authentication to protect users from password theft. You should also always disable accounts and access when they are no longer required.

Keep up with good cybersecurity hygiene.

Because universities hold so much personal information relating to their students, implementing good cyber hygiene is imperative. Having good cyber hygiene means having active measures in place such as antivirus software, patch management, and firewall management. All of this software must be regularly updated and tested to ensure a good foundation for cybersecurity. If your internal IT department does not have the ability to handle these tests and updates, it is another good reason to hire a managed service provider.

Managed security for education

Tekscape supports educational institutes across the nation with managed IT, security, and collaboration tools for successful outcomes and performance. Cybercrime is on the rise and shows no signs of slowing down. Schools are a prime target for cybercriminals. Make sure your locations are protected with managed endpoint security, firewalls, disaster recovery testing, awareness training, and risk assessments. You can read more about our cybersecurity offerings for education here.

About Tekscape

Tekscape is a nationally recognized managed IT services company that has been in operation since 2007. We are headquartered in New York City but serve clients all over the United States. Based on our engineers’ deep technical knowledge and leveraging our strategic relationships with the world’s leading cloud providers, Tekscape excels at supporting companies globally with information technology solutions. Tekscape services include managed IT, managed security services, cloud computing, network, advisory services, compliance, and collaboration.

Recent Articles

Join our newsletter and get updates on the latest in tech.

Sign up by adding your preferred email below.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.