Cybersecurity Threats to Universities and Colleges

Cybersecurity has become a focal point in the backdrop of COVID-19. Cyberattacks targeting colleges and universities have been on the rise since the pandemic began as institutions migrated to remote learning.

Digital devices, including laptops, were configured, and cloud services were scaled up, with urgency taking precedence over security. Cyberattacks targeting researchers studying COVID-19 at universities also rose so sharply that the government had to issue a warning. Most students and faculty do not receive proper cybersecurity training and are unaware of steps they should be taking to protect themselves and valuable data.

Here are the top cybersecurity threats faced by higher education institutions and steps that can be taken to safeguard against them.

Ransomware

This is an attack in which your data is held hostage by a hacker until you pay for its release. Users can install ransomware accidentally by downloading a file or clicking on an infected pop-up window. Apart from targeting individual users, ransomware attacks can block access to shared drives used by multiple people at universities and colleges containing critical information. 

Universities must assess their environment and create a security posture around a framework. Many universities choose to use the CIS framework, as it enables them to have a thorough understanding of the risks and the remediation required to lower the associated risks, such as ransomware. 

Based on the results of the CIS assessment, universities typically require segmentation of and controlled access to confidential data and a well-developed and tested Incident Response plan for what to do if ransomware or other major events impact the environment. LCM has extensive experience providing all these services. 

The final component of LCM’s Life Cycle Approach is our MSSP services, aligned to the CIS framework. The CIS framework enables LCM’s customers to measure and evaluate the effectiveness of the service while continuing to improve their security posture. 

Internal and External Threats

These attacks target systems, including in-house and cloud-based university systems, or external-facing applications, making them unavailable to users. With the reliance on online systems at an all-time high, attacks can severely impact a university or college’s operations.

To protect against these attacks, LCM offers our clients Fortinet technologies aligned to the CIS controls as part of our professional services. 

With our Life Cycle approach, LCM engineers implement and manage all Fortinet technologies required to meet the CIS controls and protect against internal and external threats. These technologies include next-generation firewalls, SIEM, authentication, management, and EDR endpoint.

Phishing

Hackers use deceptive emails to gain access to sensitive information. These can be sent from addresses that might resemble an official email and are becoming increasingly sophisticated and challenging to detect. Students and faculty are high targets for these attacks because of the valuable data, including personal information they store on their computers and emails. 

LCM works with our clients to create a customized Security Awareness Training Program to meet their specific needs. Each user’s present security awareness is measured, and then they are required to participate in the security awareness program and capture their results to evaluate their compliance to the program. The effectiveness of the program is tested using Phishing Campaigns and Social Engineering. Any employee failing any of these tests will be put through further remediation awareness training. 

Universities and colleges are under threat from cybersecurity attacks. Contact us today to see how LCM can implement a budgeted cybersecurity plan based on the CIS Framework that fits the need of your institution.