Dealing with College Cyber Threats

With so many cybersecurity threats on the prowl, institutions of higher learning will need to take steps to prevent them.
Dealing with College Cyber Threats
Like

Cybersecurity is a massive concern for higher education institutions. Even before the pandemic, these institutions have been collecting large amounts of data from students, researchers, faculty, and staff. With hybrid or fully remote curriculums, this problem has only gotten larger. Since many employees and students now work outside the campus perimeter, it has introduced new risks that need to be managed.

Cyberattacks have evolved and grown trickier as the Internet and software have progressed. Understanding the types of security threats that are most relevant to colleges and universities can help.

Phishing has been around but is now more adaptive than ever before. In a phishing attack, the hacker will pretend to be someone you know and exploit that trust to trick you into providing sensitive information such as passwords. Email tends to be the most common method cybercriminals use, but they can also hack into social media messaging accounts, for instance. Hackers can even try to impersonate your Information Technology (IT) team, so becoming familiar with the team and checking anything sent that is unusual can be valuable in fighting back against the hackers.

Targeting of university presidents or specific faculty members also occurs. Often referred to as “spear phishing” or “whaling,” the hacker will study the target individual’s behavior to find the most effective way to gain their trust. 

Educating students and staff on recognizing phishing messages can be incredibly effective at preventing successful attacks. This is particularly important because many students and faculty use their own electronic devices, which may not always have adequate security protection. 

If your institution isn’t already doing so, using multi-factor authentication can help prevent phishing attacks. With multi-factor authentication, students and faculty will need to enter additional codes sent to their email or phone in addition to their password to log in to the university’s system. People may not enjoy the extra addition of having to click something on their login or receive a phone call, but it’s been highly successful in protecting students, faculty, and staff when it comes to compromised credentials.

Ransomware is another major challenge facing colleges and universities today. A ransomware attack can have devastating consequences for any university. Ransomware is a type of malicious software that locates valuable data and holds it for a ransom sum. Colleges and universities hold a large amount of valuable student data and conduct valuable high-level research, which is why so many hackers use ransomware to target them. Ransom sums for these attacks can be extremely high and are often financially devastating. Some states like North Carolina and Florida have even tried to instill a prohibition on paying ransoms, so prevention is important.

To prevent ransomware, universities should have a robust firewall throughout the entire system and keep it updated. Additionally, making regular backups of your most important data can lessen the impact of a ransomware attack if it does happen. Working with a trustworthy IT provider can help you stay on top of your cybersecurity maintenance and prevent ransomware attacks. Communication with IT is critical because of the innovative research and information within universities. And hiring a consultant to do a business impact analysis can also be helpful.

Looking to the future, as biometrics evolve, people are using it more readily, and there could be an opportunity there in helping to prevent ransomware attacks.

Many hackers also use SQL injections when attacking higher learning institutions. They will enter a piece of malicious code into a query box, such as login pages and contact forms, on your website. The malicious code enables the hacker to access protected data and can even alter this data. There are ways to prevent SQL injections by using parameterized statements. Working with an IT company through the web design process and updating your website to address these security threats can make all the difference.

Additionally, it’s essential to schedule time for regular software updates, as outdated technology puts information even more at risk for cyberattacks. Missing even one software update can make your organization more vulnerable, so stay up to date!

In general, phishing, ransomware, and SQL injections are common ways hackers tend to infiltrate systems to gather data from higher institutions. With the explosion of cloud-based systems and the Internet of Things (IoT) that are now creating new points of entry, it is essential to develop a basis of communication with IT teams and increase personal awareness of these common threats.

Please sign in

If you are a registered user on AVIXA Xchange, please sign in

Go to the profile of Paul Konikowski
3 months ago

I really appreciate this article, especially the reminder about SQL injection attacks in web forms. If readers are creating custom webpages that require logins for intranet or dealer access, often known as "dealer portals" in the AV industry, be sure to check your inputs!  Don't assume your user is going to type only their username and password, they may be typing a malicious SQL command along with it! 

Go to the profile of Iulia Popescu
3 months ago

Yes, highly recommend using parameterized statements and communicating with an IT team about it all. AV professionals that use dealer portals should be especially careful with their inputs and be aware of these malicious SQL injections! 

Go to the profile of Aaron Weiler
about 2 months ago

Lulia, Institutions have come a long way when it comes to cybersecurity. I remember when my friends at college first got a high-speed shared connection in the dorm rooms. We were all abusing the heck out of it, bandwidth throttling, DDOS’ing others on the network and just causing general chaos. Why? Because no one was protecting the network! It’s interesting now that we have come so far to include AV devices on that network as well. This makes me wonder if there are a group of folks, just like I was, doing the same thing to the AV devices. I wonder what sort of measures these institutes are taking to ensure the students themselves don’t take control like I did with these AV devices. 

Go to the profile of Joé Lloyd
about 2 months ago

Hey Aaron - I am not sure about higher ed, but it is certainly happening around the world from DOOH like bus stops to casinos - a few years back, one casino was hacked through their fish tank!

Crazy stuff!