The recent cyber security incident at Blackbaud has demonstrated that universities must take more responsibility when it comes to protecting their systems.
The software provider was hit with ransomware earlier this year, giving cyber criminals access to a wealth of sensitive information from universities across the UK, the US and Canada.
Although the affected universities are – to some extent – innocent third parties in this attack, they have a regulatory obligation to make sure that anyone they partner with has appropriate information security measures in place.
They failed to do that in this case, which perhaps shouldn’t have come as a surprise, given that the education sector is consistently among the most vulnerable to attacks.
Things have only got worse during the pandemic, with a Check Point study reporting a 20% increase in cyber attacks on the education sector in the past two months.
So what can schools and universities do to curb the threat of data breaches? Here are five tips to help you get started.
1. Engage with stakeholders
Cyber security affects everybody, whether it’s employees responsible for protecting your data, third parties with whom you trust your information or data subjects themselves.
By helping them understand the importance of effective security – including the steps you’re taking to protect your systems and the ways they can help – you ensure that everybody is part of the solution.
One way you can do this is to provide staff awareness training for anyone who handles sensitive information as part of their job.
2. Install anti-malware software
Malware is one of the biggest risks that organisations face. It can wreak havoc by gaining access to and stealing confidential information, damaging files and even locking them and preventing access unless you pay a ransom.
Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.
3. Apply patches and updates
Cyber criminals can rapidly exploit vulnerabilities once they’ve been discovered and shared publicly.
Criminal hackers take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.
Updating software and operating systems will help to fix these known weaknesses.
4. Implement access controls
Because of their large workforce and annual turnover of students, universities naturally have large networks with many entry points.
It’s therefore essential that you create access controls limiting who can access certain information. This reduces the risk of students or staff viewing information that they shouldn’t, and also limits what a cyber criminal can do if they compromise someone’s account.
5. Share your threat intelligence
Cyber criminals will often target multiple organisations using the same methods, looking for one that has a weakness that be exploited.
By communicating with other universities about the threats you face, you can help each other prepare for attacks.
For example, if one institution reports a particular phishing campaign targeting, say, an upcoming conference, other universities can spread the word among staff and students.
Likewise, if there’s another data breach such as the one that happened at Blackbaud, universities can help each other by describing how they were affected and urging fellow institutions to assess their systems.
How you can get started
You can find out more about the ways in which you can protect your organisation by reading Cyber Security and Business Resilience – Thinking strategically.
This free green paper explains:
- What elements to take into account as you plan your cyber security defences, and the value of thinking resiliently;
- The basics of risk assessment;
- Why it makes sense to take a defence-in-depth approach; and
- The key points to consider around prevention, detection and prevention.