As we continue the conversation on National Campus Safety Awareness Month, our focus shifts from the environmental challenges we face in the classroom and across our campus communities to the increasing online risks we face every day—but seldom see until it’s usually too late.
Between May and July of this year, approximately 143 million people across the United States potentially had their names, social security numbers, credit card numbers and a myriad of equally sensitive information stolen by online criminals.
The attack targeted Equifax, one of the nation’s top credit reporting agencies, and it is reflective of the ever-evolving and growing threat of cyber security breaches, especially for schools.
In fact, just recently international hackers broke into the digital infrastructure of four Florida school district networks with the intent of stealing the personal data of hundreds of thousands of students.
According to United Data Technologies, the cybersecurity company that investigated the breaches, the hackers infected the systems with malware that halted user monitoring, enabling the criminals to prod and probe for roughly three months with little to no detection.
Unfortunately, this story is becoming more common for schools as hackers and cyber criminals continue to focus their efforts on exploiting vulnerabilities to gain access to digital infrastructure and sensitive information.
The numbers behind these types of school-focused attacks are not pretty. Since 2005, approximately 10,538,778 records have been compromised through 673 breaches of U.S. institutions—and these figures continue to grow.
In recent years, there have been several growing forms of digital disruption that have targeted schools, including distributed denial of service attacks, ransomware and email scams. Additionally, a growing switch to cloud services creates even more potential vulnerabilities for schools.
So what can a campus community do to limit or prevent such an attack?
There are a number of proactive measures that should be considered when reviewing your school’s digital infrastructure.
From an organizational standpoint, your IT team should not operate in a silo. They need to collaborate and coordinate with your school’s leadership so that all cyber security efforts are reinforced and strengthened through a best-practice approach.
At the individual level, ensure that all digital points of entry are protected with antivirus software, firewalls and similar security measures. It’s just as important to ensure these platforms are kept up to date and that regular password changes are enforced for all users on your network.
Beyond these points, there are a number of steps your school can take to mitigate these types of risks before they have a chance to disrupt your operations. These efforts include:
- Conduct a risk assessment
- Categorize data
- Determine who has access
- Manage your faculty and staff
- Control administrative rights
- Take a multi-layer approach toward cyber security
- Encrypt information
- Track portable devices
- Monitor inexpensive assets
- Maintain physical access control
- Dispose of records properly
- Implement policies and procedures
- Manage your vendors
- Invest in insurance coverage
Staying abreast of the latest trends and tricks in cyber threats is a crucial component of taking a defensive stand toward potential breaches and attacks—and this shouldn’t be the sole requirement of a few individuals.
Building and sustaining a campus community that is not only aware of these threats but also actively monitoring and defending against them is a huge advantage that can help avoid those tiny breaches that turn into big nightmares for a campus community.
There’s certainly a degree of spend and resource that’s required to stay ahead of these types of threats, but ultimately this pales in comparison to the potential financial and organizational devastation a serious breach can pose.
Do you have any questions or concerns about what we’ve discussed? Let us know about it. We look forward to hearing from you.
If you liked this, check out these great articles:
- Understanding and Preventing Heat Stress:
- Post Your OSHA Logs from February 1 to April 30, 2023
- AB 2068 – Requires Employers To Post Cal/OSHA Citations And Orders In Multiple Languages
- Post Your OSHA Logs from February 1 to April 30, 2022
- Going Public With Your Cannabis Business: The Importance of Corporate Governance
