Colleges and universities are responsible for housing and protecting valuable data throughout their IT systems. With the current requirements for remote learning, school networks and servers are being utilized like ever before and becoming even more of a target for bad actors. Because of restrictive budgets and limited resources, higher education cyber defenses are often insufficient to stave off cybercriminals. To defend this sensitive data, colleges and universities are focusing on network security and cyber education for both staff and students.
According to Deep Dive into Cyber Security Reality, a recent report by FireEye, ransomware and malicious file transfers continue to be an issue for colleges and universities. The report found that controls did not prevent or detect ransomware threats 68 percent of the time and 48 percent of the time file transfers weren’t detected. These numbers highlight the need for stronger cyber tools and users that are equipped with the knowledge of how to spot threats before they invade.
Recently, the University of California at Berkeley and the University of Virginia have shared tips for colleges and universities looking to bolster cyber efforts during these uncertain times. The University of California at Berkeley Information Security Office has created a Cybersecurity Tips and Best Practices Guide to aid schools and users on their cyber journey. The guide lists the basics of protecting data as well as the responsibility that comes with shared data. Phishing, ransomware, and malware attacks are all covered with helpful resources that promote security awareness.
The University of Virginia has created the Information Security at UVA site to serve as a reference guide and threat hotline to students and staff. The current remote environment has been a topic of conversation for Ryan Wright, the C. Coleman McGehee Professor of Commerce at the University of Virginia’s McIntire School of Commerce. “We tend to think of cybersecurity as a technical problem, but it is really a human problem. Ninety to 95 percent of attacks on organizations are attacks on individual people,” he said.
Wright explained that phishing and ransomware attacks continue to be a problem for colleges and universities. With more time spent online for coursework, bad actors are focusing on valuable data produced and shared between students and staff. “Back up your computer’s data! If your work computer in your office was backed-up automatically and now it’s at home, you should check with your LSP or computer support person to verify it is still being backed up. If it is not, work with this person to come up with a backup scheme. Backups are particularly important if you are ever the victim of a ransomware attack,” stated a recent UVA blog.
As colleges and universities continue to struggle with ransomware and phishing attacks, it’s important that network users are educated on cyber threats and how to spot them. If a cybercriminal does succeed, it’s crucial that schools have the right systems in place to detect and neutralize threats before valuable data is stolen.
While organizations continue to heavily invest in security tools, employee training, and critical assets, research shows that the majority of organizations are operating on the assumption that their security protocols mitigate risks – but that is far from the truth. “The best way for your organization to combat this disconnect is to validate the effectiveness of your security program through ongoing, automated assessment, optimization, and rationalization. This will enable you to minimize cyber risk across your entire organization by protecting not only critical assets but also brand reputation and economic value,” stated the report.