If you think that schools and colleges don’t need any cyber security as they don’t store any data that will interest criminals, think again.
In May 2015, Pennsylvania State University’s engineering school was the target of a cyber attack. The attack continued for few weeks before it was detected compromising records of some 18,000 students. In March 2014, University of Maryland’s network was the target of a cyber attack. It compromised 287,580 records of students, faculty, staff and other associated personnel. In July 2013, a cyber attack on University of Delaware exposed identities of more than 72,000 people.
The targets of these attacks are not restricted to the USA alone. In January 2012, the official website of King Saud University was hacked and data was dumped onto a file sharing site. In July 2015, six universities in Japan were attacked at the same time. Even as recently as March 2016, Concordia University in Canada was successfully attacked. All institutes around the globe are at risk. Most of these attacks (more than a third) were done by hacking or by malware and almost a fifth of those were done using a portable device. Apparently, even the sanctuary of education does not escape the evil eye of cyber criminals.
What is at risk?
Many institutes fail to understand the impact of a hack. After all, criminals are after money and educational institutes always seem to be short of it. But there is something more than that criminals value. Here are some reasons why criminals really hack an educational institute.
- Financial Data- Institutes store financial information of the students. Many students have direct debits set up for their monthly expenses. This requires the institute to store the bank details. This is a valuable information in the wrong hands.
- Personally Identifiable Information- Students are not very particular about their online activity. They are also the ones with cleanest or blank financial credit records. Subsequently, they are a prime target for identity theft.
- Enterprise Data- Information on students, teaching staff, donors, complex schedule management, student registration information, course evaluation material, fund raising efforts and strategies are all valuable information. If this information is lost, the whole operation of the Institute can be crippled.
- Educational Data- Research material, class schedules and grade management system, testing systems, online evaluation (online assignment submission portals) are all critical for imparting education. Integrity and availability of these are vital for operations of the Institute.
Challenges for educational institutes for ensuring cyber security
Institutes host multiple departments. They are high paced, high mobility and high activity environments. Many people access multiple systems from multiple locations. Data necessarily flows in and out of the system. This poses challenges for the security of the system. Here are a few challenges faced by most educational Institutes.
- Decentralized IT– Most of the departments in a typical Institute run their own IT systems. They have a wide variety of computer systems based on their requirements. Because of such diversity and spread of the network, implementation of security policies become difficult.
- BYOD culture- Institutes encourage students to bring their own devices to store data. Students work in labs, in classrooms and at their residence on the same They need to carry their data on USB drives and connect to whichever computer is available to them. Many students don’t spend on even basic antivirus and anti malware software. However, they download free and pirated software. This malicious software passes into institute’s network the moment student’s infected device is connected to a PC on the network.
- Open networks- Most institute’s networks are open for any device to connect. This is done to implement the philosophy of freedom of information. However, this means the network access is not properly monitored for unauthorized access and it’s easy for viruses, malware and hackers alike to enter and create havoc on the system.
- Internal threats- Students are high on energy and like to try hacking the system. It can be a prestigious achievement for a student to hack their own institute’s database to change their own grades, or change their credits and courses enrollment. Some students may also hack network with the intention to cause harm to other students by deleting their data or reducing their grades.
How to protect the Institute against cyber threats?
- Identify the most valuable IT assets and secure these with robust security systems at the very minimum.
- Implement a strong access control system based on student authentication, VPN etc. to prevent unauthorized access to the network.
- Create strong cyber security policies and spread awareness amongst students and staff to follow safe and secure practices. Make students understand that it is they who will be at loss due to their own insecure.
- Invest in a robust cyber security system which can provide safety to open, diverse and often brutally targeted system.
Educational institutes by their very nature need to have diverse and open IT systems. Students should be able to access the IT resources easily and from anywhere. However, the security of such systems needs not be compromised due to such requirements. Security products like Seqrite Endpoint Security provide the required level of safety for educational institutes.