Cybersecurity in Higher Education

By Nikhil_23IOix5G — In Cyber Security — February 11, 2022


New Learning Environments

“Anyone who stops learning is old, whether at twenty or eighty. Anyone who keeps learning stays young. The greatest thing in life is to keep your mind young.” – Henry Ford

This saying makes more and more sense in today’s world, where almost everything is on the Internet. People who were not able to complete their education, or who were working so hard that they had no time for studying, are now able to do so using the Internet. During the pandemic, universities adopted a hybrid method in which courses were offered both in person and online.

These new learning paradigms are a treasure chest for hackers and scammers (bad guys) who target gullible people who are not technologically inclined.

User Demographic

Universities and schools have a wide variety of students, coming from all walks of life, with differing knowledge, skills, and abilities with technology: some may be using a computer for the first time, some have had a computer for as long as they can remember, some have an affliction towards using a computer as a device for studying and watching videos, and some just want to unlock their potential and see what a small device can do.

In this global market, universities have students from many countries, and these international students may or may not have had schooling on the topic of security on the Internet (cybersecurity).

Cyber-attacks – Phishing

The most common attack that takes place in institutions of higher learning is phishing, where an individual (usually a student) receives a “fake mail” regarding information they need, like on-campus employment for international students, or an email from the education services saying their login credentials are at risk. Students often fall prey to these fictitious emails and divulge sensitive information, e.g., passwords, credit card numbers, social security numbers, passport details, and driver’s license details.

The “bad guys” use sensitive information to compromise the victims’ email account, bank account and social media reputation. Phishing is an easy and effective way for a hacker to get access to information, to steal data and to manipulate someone’s online identity, tarnish it or to do illicit tasks using someone else’s identity.

The best defense against phishing is knowing how to distinguish between mail from a legitimate source and mail from a hacker, and applying this knowledge every time one responds to emails. Further, do not respond if in doubt!

The Risk

This is a big concern for people, as their identities and personal data can be stolen. Hackers could use international students for espionage, as they might be coming from disputed lands and might have sent or said something that should not have been said, either voluntarily or after the hacker gained access to their account.

The major reason students become victims of phishing, spam or a cyber attack is lack of awareness. This is one thing that needs to change: basic security techniques should be taught at an early stage, and all students should have mandatory security training so that they can distinguish between a legitimate mail and an illegitimate one.

Centralized Information Repositories

A student information system (SIS) (a.k.a., student management system, school administration software) is a management information system for establishments in the education sector used to manage student data. It integrates students, parents, teachers, and the administration related systems. Student information systems provide capabilities for registering students in courses; documenting grading, transcripts of academic achievement and co-curricular activities, and the results of student assessment scores; forming student schedules; tracking student attendance; generating reports and managing other student-related data needs in an educational institution.

This system is the backbone of any educational institution. If it is attacked, the result could be a data breach in which data pertaining to all the students, their parents, educators, and administrators is out in the open for anyone to buy. That data could include financial information, health information, and personally identifiable information (PII) such as name, address, SSN, and grades.

Teachers & Administrators

Data entered into the SIS by teachers is confidential! If teachers lack the necessary know-how on protecting this data, it could lead to a breach and the institution would be held responsible. Hence, it is important for educational organizations to train their staff (e.g., teachers, facilitators, administrators) on accessing and working with the SIS and on keeping that information private and confidential.

Safeguards (Security Controls)

Universities take several cyber precautions (implement security controls) when it comes to protecting the data of the organization and of the people working and studying there. In addition, federal laws like FERPA (The Family Educational Rights and Privacy Act) and HIPAA (Health Insurance Portability and Accountability Act) ensure that organizations implement appropriate “security controls”.

MFA (Multi-Factor Authentication) is a good example of a security control that ensures information can be accessed only by authorized persons. MFA uses two distinct methods of identifying the user, drawn from something that they know (password), something that they have (phone or email account), or something that is part of them (fingerprints).

Training and security awareness programs have been found to be an effective mechanism to mitigate cyber-risks due to human error (intentional and accidental).
