New School Year, New Threats to Higher Education Data Security




(Uploaded: 2019-09-03 10:30:23 -- Author: Sally Rozumalski)


As the new school year heats up so are cyber security threats statistics say. With the opening of the fall term, many colleges and schools across the country are seeing an increase presence of cyber criminals trying to breach their walls. In higher education, IT administrators say internal threats are on the rise and 48 percent report believing that the greatest security risks come from within the campus. As we push closer to 2020, cyber threats to higher education remain in the top 10 industries targeted. 

 

Two such colleges in the US have experienced this back to school hiccup, with many more to potentially follow. Monroe College, a for-profit institution in New York City, as well as Regis University, a private institution in Denver Colorado, and The Stevens Institute in Hoboken, N.J.

 

At Regis University, IT staff at Regis are working “around the clock” to get things back to normal, including temporary phone lines that have been established to respond to students' questions and concerns.

 

As the University’s IT staff diligently work to regain a secure status, the question is, what happened?

 

University president, John Fitzgibbons said IT staff detected an “external malicious threat that likely originated outside the country” and he stated the shutdown of IT systems, phones and email was a precautionary measure.

 

Nothing further was shared regarding the nature of the attack.

 

Director of Communications, Jennifer Forker, has stated that things are still going “pretty smoothly” all things considered. But it’s still too soon to know specifics of the attack or when they’ll be back online.

 

While school morale and campus activities have not missed a beat, some students are still nervous. Serious questions are being raised, including whether exams will be delayed, how they should pay tuition and how they are expected to complete online class assignments.

 

Which Precautionary Measures are Crucial?

 

Just the same as at Regis, IT staff at Stevens intentionally disabled the college's network and some systems in response to the attack. The university, a private institution in Hoboken, N.J., known for the strength of its cybersecurity program, remained off-line for a week.

 

Nariman Farvardin, the president of Stevens, assured the Stevens community that the investigation of the attack is still ongoing but there is no reason to believe that employee or student data was compromised as a result of the attack.

 

On Aug. 20, the university announced that critical systems such as email and the student information system had been restored. A new Wi-Fi network was successfully deployed Aug. 21. All before the classes began as scheduled Aug. 26.

 

The attack at Stevens involved ransomware, but the quick actions of Stevens’s IT staff prevented the need to pay out any ransomware demand or loss of critical information.

 

Ransomware is often installed after an unwitting victim clicks on a fraudulent link in a phishing email. The malicious software then encrypts and blocks access to computer files that the user has permission to access. Hackers can then demand payment for an encryption key.

 

Victims of attacks like ransomware often focus on containing the damage and returning to normal operations as quickly as possible rather than conducting a detailed (and expensive) investigation into how the attack occurred, often, taking systems off-line could have major benefits.

 

  1. Preventing further damages by preventing the attack from spreading further
  2. Simplify the recovery process after a disaster plan is put into place
  3. Easier data recovery, password resets, and new security protocol implementation

Just to be clear.

Taking systems off-lie is in no way an easy or enjoyable task. But sometimes it IS essential.

The most important thing is to prevent the spread of an attack and sift through other systems to ensure they aren’t vulnerable.

 

Ransomware recovery time is lengthy and can take over a week even after decryption. The masterminds behind these attacks are smart, and more often than not, criminals by nature.

Colleges have been hit hard lately.  Especially due to their network openness and sheer mass of people accessing data. It’s surprising, how infrequent cases like this were in the past. Collegiate networks represent the perfect environment for a ransomware attack.

 

So how can you secure your network this school year?

  • Avoid clicking on links in emails,
  • Before you engage with any attachments, make sure the sender’s address matches the one in your contacts
  • Avoid providing sensitive information over the phone — Unless YOU initiate the call!
  • Take time to understand risks and regulations.

 

LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.

Back to Blog Post Listings





We'd love to hear from you!