Do you know how many students are there in the EU?
About 17.5 million.
Just imagine how much data that is. Files, presentations, documents – the list goes on. If the data isn’t backed up, there’s a risk it could be lost forever should an incident occur.
Educational institutions are common targets for cyber criminals. In June last year, for example, the University of California, San Francisco paid attackers $1.14 million (about €930,000) to recover hacked data from its School of Medicine.
In this post, we look at:
- Why criminal hackers target higher education institutions;
- Cyber threats faced by higher education institutions; and
- Tips to protect data with backups.
Why do criminal hackers target higher education?
The recent surge in cyber attacks on colleges and universities around the world isn’t a coincidence.
Higher education institutions are poorly prepared to defend their data. Tests by the Jisc Security Operations Centre showed that a skilled hacker can access sensitive information and override financial systems within two hours.
Think about that – in just two hours, thousands of people’s valuable information can be stolen.
And the problem doesn’t end there.
Another major issue is that students and staff use universities’ public Wi-Fi to access their accounts and browse the Internet. For a skilled criminal hacker, getting their hands on the data wouldn’t be a major challenge – especially when they can find personal emails on the university’s website.
That’s why education remains the most affected industry lower than others, as this Microsoft Security Intelligence report showed.
Credit: Microsoft Security Intelligence
According to the report, 13% of the higher education sector has been infected with ransomware, so it comes as no surprise that institutions sometimes pay criminal hackers millions to recover their data.
In some cases, incidents are not discovered for months, leaving sensitive data exposed and putting institutions at risk of fines under the GDPR (General Data Protection Regulation).
Higher education institutions are also facing an ever-increasing range of threats.
Cyber threats faced by higher education institutions
- Spam/phishing emails
- Unsecured USB access
- Outdated browser security options
- Poor Wi-Fi network configuration
- DDoS (distributed denial-of-service) attacks
- Social engineering
- Outdated and ineffective web security protocols
- Third-party app security issues
- A lack of mobile device access control
- Zero-day exploits
To protect themselves, higher education institutions must employ a comprehensive cyber security strategy.
3 tips to protect data with backups
Colleges and universities must keep up with evolving web security technology to reduce the risk of cyber threats. Let’s look at the best practices for data backup in higher education.
- Classify data for a more effective backup and recovery
The first step to protect valuable data is to classify it by significance. This strategy is used by a wide range of organisations, from writing services to government agencies. It’s an important part of preparing for potential attacks and helps ensure faster recovery.
The classification defines the value of data based on its importance to mission-critical processes. In other words, a higher education institution can prioritise backing up certain data first to restore it quickly when the unthinkable happens.
The classification could include several levels:
- Level I – includes mission-critical, sensitive and private data such as the private data of students, employees and departments.
- Level II – information intended for public uses that has not been made public, such as study materials, documents, HR files, etc.
- Level III – publicly available information about the institution, staff and students, such as website content.
Level I should have the highest priority for data backup because it contains the most sensitive information. In many cases, higher education institutions store it on central servers with proper monitoring and protection procedures in place.
- Consider a Cloud storage and backup solution
Cloud storage and backup solutions are a way to save data online and improve disaster recovery.
They replace on-premise data storage, providing organisations with another, more secure place to store data. In the case of a cyber attack, an institution can restore files from secured servers.
Using a Cloud solution also reduces the cost of operations and disaster recovery. The processes are mostly taken care of by the storage provider. Backup service administrators have the same abilities as university server administrators, meaning they can manage file access, run checks and make backups.
Important: Less than 25% of Cloud storage providers have a high level of GDPR compliance, so check the GDPR compliance of a cloud service provider before using it.
- Spread awareness of cyber security best practices
Many web security problems arise due to a lack of proper education. Users of public university networks can easily open phishing emails and download harmful software – and as 94% of malware is delivered by email, this cannot be overlooked.
To minimise human error and associated data security risks:
- Launch an ongoing educational campaign in your institution. Print brochures, hold classes and workshops, and share tips on the institution’s website (like The University of Rochester guidelines below) to teach basic data backup strategies.
- Regularly update cyber security policies. Define data access rights, conduct mandatory data security training onboarding, and plan data loss prevention procedures.
The best way to protect data is to prevent an incident from happening in the first place, so focus on spreading awareness of best practices for better results.
Data backup in higher education: final thoughts
Colleges and universities are hacked at an increasing rate, and many still have inadequate data protection and backup systems in place.
The consequences of data loss are profound, with legal, operational and reputational repercussions, so having a data backup plan is a must.
In addition to using a Cloud solution to store data, higher education institutions should conduct web security campaigns and create policies to prevent breaches.
Furthermore, since many cyber attacks occur because of human error, educating students and staff is crucial to keeping valuable data safe.
Nicole Garrison is a content strategist, writer and contributor at Supreme Dissertations and TrustMyPaper. She is a dedicated and experienced author who pays particular attention to quality research. In her free time, Nicole is a passionate runner and a curious beekeeper. Moreover, she runs her own blog, LiveInspiredMagazine.