Cyber Security For Universities: How To Secure Your Data

Higher education institutions, like organisations in other sectors, collect, use, and store a range of sensitive and confidential data. The nature of the data makes it valuable for hackers motivated by financial gain. So how are universities at risk and what can they do to better secure their research, student, and employee data?

How universities are vulnerable to cyber attacks
 
Along with student and employee data, the types of highly sensitive information held by universities include defence research projects with national security implications. As centres of research, universities can also be vulnerable to attacks for commercial gain, such as stealing intellectual property, trade secrets, and scientific and technological  research. Malicious actors could be criminal syndicates or foreign states.
Attacks could be conducted by using malware to infiltrate the university's network and steal information. Additionally, student accounts themselves could be a key vulnerability. Hackers could focus on poorly secured elements in students' accounts to hack into the university's system before stealing valuable data and research.
 
For example, phishing has been identified as a relatively common way for compromising student accounts. Administrative staff accounts could be hacked to send out malicious links that appear legitimate to students.
 
Finally, another vulnerability could be human error, such as in the example of Stanford University. In that case a misconfigured school server exposed staff personal information, financial aid data, student disciplinary records, and reports of sexual violence.
 
The bottom line is universities could be particularly vulnerable because while they hold valuable research, they don't typically design their IT infrastructure with secrecy and security at top of mind.
 
What would hackers do with stolen university data
 
Hackers could install ransomware to disrupt your network or at the threat of releasing confidential data - from financial information and health records to academic and personal data - if you don't you pay a ransom. In 2017 alone ransomware attacks cost businesses around the world around US$1 billion.
 
Other types of attacks include cheating, such as in the University of Iowa case where the system was hacked to extract advanced copies of exams and to change students' grades.
 
Stolen university data could be valuable if it's in the form of research papers, academic journals, dissertations, and ebooks. The research could allow organisations and states to gain an economic or a defence advantage. Personal data on students who go on to become leaders could also be valuable to state actors.
 
A recent attack of this nature targeted tens of thousands of professors worldwide to obtain intellectual property and academic data, which cost billions of dollars to procure.
 
The motivation could go beyond commercial trade secrets to goals like espionage and intelligence gathering. Spoofing websites and fake login websites are some of the tools used to steal credentials in these types of attacks, and libraries could be especially targeted as they often hold the research.

9 practices universities can implement to protect their data 

Universities could better protect their data with a multilayered approach that covers training and the basics as well as budgeting for cyber-security resources.
 
1. Software
 
Universities can start by ensuring their software is up to date and by avoiding pirated software.
 
2. Basics
 
Basic measures like two-factor authentication and prohibiting or strictly managing bring-your-own devices (BYOD) and USBs can reinforce security practices.
 
3. Training and awareness 

The human element could be the weak link and so mandatory training on the basics like phishing attacks could also help. Make sure you raise awareness among the student body as well.
 
4. Endpoints
 
Universities need to focus on protecting all endpoints, from email and BOYD to remote work and Wi-Fi networks, and be alert to new threats that might arise.
 
5. Backups
 
A backup schedule is essential given how much data universities handle. To avoid complete loss, review your backup management strategy. In addition, secure your physical assets, like servers.
Response plan
 
Having a dedicated emergency response team or plan could allow universities under attack to respond more quickly.
 
6. Audits
 
Conduct regular security audits of your assets and practices to identify vulnerabilities. Review how you classify and protect your data. Check your copy data management policy since the more copies you store, the more copies are at risk of breach. Ask vendors and partners for audits of their practices.
 
7. Involve the IT academic department
 
Universities could boost their cyber-security strategies by having IT departments work closely with the IT academic and teaching department. After all, you likely have a team of researchers with in-depth knowledge or even cutting-edge research on the top security risks. For example, universities like Oxford involve their IT academic staff for their IT security strategy.
 
8. Emerging technologies
 
Recognising defeating cyber threats is an ongoing process means universities should keep up to date with the emerging tech for cyber security and be willing to adopt appropriate solutions. Adopting the right tech solutions should ideally be coupled with policy, guidance, and education for staff.
 
9. Funding and associations
 
Universities need to ensure they have adequate equipment, funding, and staffing for address this global issue facing higher education institutions around the world. Smaller institutions in particular could be inadequately resourced and so should make it a priority.
 
Across the whole sector, universities could band together to create a national university-based cyber security network, something Canadian university associations have recommended. Sharing strategies and insights across universities with a network like this could ensure all member institutions get up to speed with the latest threats and solutions.
 
Universities are at high risk of cyber attacks due to the amount of data and research they manage. To better secure your data, look at a full range of security options ranging from making students and staff aware the risks to working with other universities to share knowledge.
 
Protect your data with Kiandra IT’s security solutions

To learn more about security solutions for your organisation get in touch with the expert team at Kiandra IT. We can identify all the potential threats your business faces and secure your data against them. Get in touch today.