School yourself on mobile and network cybersecurity basics this college acceptance season.
GUEST COLUMN | by Alex Pinto
Throughout the college acceptance season, institutions across the country experience an influx of mobile and network traffic as email addresses are being created, tuitions paid and student loan programs set up. With this annual increase in server traffic, educational institution leaders must do everything in their power to establish and maintain a security plan to protect not only their faculty and staff, but also the thousands of current and incoming students from cyberattacks that threaten to compromise or expose personal data.
According to Verizon research, last year more than one third (35%) of all cybersecurity breaches in the educational services sector were due to human error – various minor accidents and careless mistakes (mainly misdelivery and publishing errors) that caused major headaches for educational institutions. Furthermore, approximately one quarter of the breaches in this sector were web application attacks, the majority of which resulted from stolen credentials used to access cloud-based email. This is especially worrisome when you consider the uptick in web traffic during college acceptance season and the number of people who could be impacted by a breach.
Interestingly, there was a significant shift in the education sector towards financially motivated crime from the past two years with most of the actors coming from organized criminal groups. Cyberespionage and state-affiliated attacks also continue to be a factor in educational breaches, in part due to research partnerships with private companies and other sensitive information held. Without taking the proper precautions to ensure that data is protected, educational institutions continuously run the risk of making themselves and their students vulnerable to an attack.
Learn Your Lesson
So how can educational institutions better protect themselves from cyberattack attempts? Though it’s not as easy as 1-2-3, once institution leaders survey their threat landscape, recognize their vulnerabilities, and set a standard for security to measure their performance against, they’re on the right track toward preventing attackers from destabilizing their mobile and network security.
Pencils ready? Here are a few steps that educational institution leaders can take to combat cyberattacks this season:
1. Study up on the threat landscape.
- Breaches common to the education industry are usually the result of poor security hygiene – a lack of both the baseline knowledge of how breaches occur, and the proper standards in place to mitigate threats and deal with the potential aftermath of an attack.
- When university administrators better understand the type of data they have and the threat actors who typically seek that data, they can strategize security plans to protect themselves against these classic attacks.
2. Set an across-the-board security standard.
- With the massive demand to protect faculty, staff and students, educational administrators are naturally time-poor, overworked and under pressure. But putting practices in place to better combat cyberattack threats does not have to be time-consuming and expensive.
- Thwarting those typical, insidious human errors can be as basic as tightening password security across your mobile (such as implementing second authentication factors) and turning off IMAP. Two-factor authentication alone can make it harder for threat actors to infiltrate a system through common phishing scams, such as emails that direct users to phony login pages.
3. Prepare before you have to repair.
- Though a cyberattack may seem individual and unique to an organization or institution, there are the “usual suspects” that every industry must contend with: threat actors like phishing, general email security, ransomware and DoS. Knowing them helps institutions better understand and navigate the threat landscape. While the education sector may not have reported experiencing each of those threats in great numbers, each should be addressed as part of a general security standard so that institutions can take the proper preventative measures and ensure mobile and network security.
- Put up all the necessary security defenses manageable, and make them strategic, data-driven and flexible. Educational administrators must be vigilant to recognize their vulnerabilities and weak spots, so they can better prioritize the most important areas to protect. Proper planning prevents poor performance: by paying close attention to detail and employing security safeguards, educational institutions can act against threats before they must react to cyberattacks or compromises. By creating and implementing a security plan, institutional leaders can measure their performance regularly and have a standard to compare against, so they can evaluate strengths and weaknesses. Doing this can lessen the impact of, or ward off, a cyberattack both during college acceptance season and year-round.
Alex Pinto is a Distinguished Engineer of the Security Solutions Group at Verizon Enterprise Services, currently managing the Verizon Security Research team, which is responsible for the Verizon Data Breach Investigations Report (DBIR). Alex has over 20 years of experience in building security solutions and products, and the last 6 of those years have been solely dedicated to the application of data science techniques to cybersecurity. He also holds multiple certifications, such as CISSP-ISSAP, CISA, CISM, and was previously PMP and PCI-QSA certified.