6 Surprising Security Threats Facing Your College
As technology continues to change and evolve, information security threats are growing ever more sophisticated. Gone are the days of hackers simply trying to gain notoriety by unleashing annoying viruses and spam. The complexity of today’s attacks is high, and the stakes are even higher—costing victims sensitive data, disrupted operations, hefty fines and restoration costs, tarnished reputations, and public embarrassment. Here are the top six security threats facing higher education today and what you can do to help protect your college from becoming a victim:
1. Ransomware is malicious software that holds your data hostage until you pay for its release.
A user typically installs ransomware by accident—often by downloading a file that appears to be legitimate (e.g. a resume) or by clicking on an infected website or pop-up window. The software is downloaded onto the user’s device where it then encrypts the hard drive, preventing access unless the user buys the key to unlock it. This can be crippling not only for individuals but also for community colleges because ransomware can encrypt hard drives or shared drives, where people store critical information, blocking the entire institution from accessing it. When it comes to ransomware, a combination of preventive measures—in the form of Security Awareness Training and detective controls using Behavioral Analysis Technologies—is a great mitigation strategy.
2. Social engineering uses psychology to trick people into divulging personal information or downloading malware. Tactics are most commonly deployed via an email or phone call and often appear to be from a legitimate source (e.g. the college IT help desk). Community colleges are a prime target for social engineering attacks because they store a wealth of sensitive information about their students, employees, and operations. In fact, social engineering is the culprit behind many of the security breaches you read about in the news. Colleges can perform a Security Assessment using popular social engineering techniques to try to trick users into taking the bait. This is an effective way for institutions to identify where their greatest risks exist and where more training is needed.
3. Denial of service attacks make online technology systems or applications, like your college’s website or learning management system, unavailable to users. Since community colleges rely on these systems and applications for many student services—such as application, enrollment, registration, and online learning—a denial of service attack can severely impact operations and embarrass the institution. Penetration Testing involves evaluating and testing the college’s computer network architecture and identifying ways to strengthen it in order to prevent this type of attack.
4. Lack of proper security controls puts community colleges at greater risk for an attack. A major culprit is security patches that were issued but not applied, which gives hackers open access to your network and serves as a gateway to bigger problems. A Security Assessment will highlight the existing holes in your network.
5. Outdated security policies can leave your institution exposed and vulnerable. However, with technology changing so quickly, it can be difficult for security policies to keep up. A Policies, Procedures, and Documentation Review should be conducted at least annually to identify where gaps exist and the necessary steps to keep your college safe.
6. Poor Vendor Management endangers community colleges that outsource IT or use cloud-based systems because vendors may lack the necessary security controls to properly safeguard your institution’s data and meet security compliance requirements. It’s critical to conduct a comprehensive Vendor Risk Assessment and Service Level Agreement (SLA) review to ensure that your vendor has the proper security controls in place to meet your institution’s security compliance requirements. If your college is thinking about outsourcing IT or moving to the cloud, you should conduct this review before engaging a vendor.
CampusWorks is a strategic consultant dedicated to helping higher education institutions overcome the business and technological challenges that stand in the way of student success. Joe Traino is the firm’s director of technology leverage and T.J. Arowolo is a chief information security officer.