October is National Cyber Security Awareness Month, which aims to raise awareness and educate Americans about cyber security. In the ten years since the initiative was launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance, the number of threats faced by colleges and universities has increased exponentially. With safeguards in place to protect their networks, however, institutions are becoming increasingly prepared to defend their resources.
What does cybercrime look like?
Higher education cyberattacks include crime rings stealing credit card numbers, Chinese and Russian governments trying to infiltrate nuclear research databases, and students hacking the registrar's office to change grades. Higher education is particularly vulnerable to attacks due to the openness of their systems.
Stanford University recently experienced a breach disguised as a phishing scheme, said Thomas C. Black, Associate Vice Provost for Student Affairs and University Registrar at Stanford University. According to Black, the emails, and the links embedded within them, were so cleverly created that students, faculty, and staff were easily fooled by the scheme.
Protect against cyberattacks
Colleges and universities spend hundreds of thousands of dollars to protect themselves against cyber attacks. They use firewalls to block intrusion attempts and filters to identify spam. If a hacker takes control of a computer connected to the network, IT officials have to isolate it before any major damage is done.
According to Black, Stanford's breach was so serious that the president and provost have ordered all students, faculty, and staff to adopt a two-step authentication. The process involves using two types of authentication to verify identity for systems with higher than normal levels of security, such as critical business or infrastructure systems. Two-step authentication also helps protect users' account if someone else learns their password.
Colleges and universities can defend themselves against cyber attacks in many ways, ranging from simple to complex and expensive. Administrators should first set policies that control access to computer networks. For example, a college might require that student records always be encrypted, limit which employees can access the records, and bar the data from being downloaded to less secure devices. Experts also recommend multifactor authentication, similar to Stanford's new system, in which users might have to enter a password and answer a separate question to access the network.