By Sandra Felnsmith, CPA
As cybersecurity continues to grow as a concern across all industries in the U.S., colleges and universities need to stay ahead of the curve and explore new ways to lock down student, staff and faculty data. The costs of a data breach can be high; according to the Chronicle of Higher Education, the February 2014 hacking of the University of Maryland’s IT systems could cost the university millions of dollars. On top of that, the university must also combat the reputational harm that could come from the leak of its staff’s and students’ personal information.
Why are data intrusions at higher education institutions on the rise? In addition to the risk that students, staff and faculty incur in their personal use of university information systems, the sheer amount of personal data stored on university servers makes them attractive to hackers looking to steal and sell identifying information, such as Social Security numbers. Some intruders may also simply be looking to cause some havoc.
Still, one of the more problematic causes behind the growth in cybersecurity breaches at universities is simply that many institutions do not prepare for them. In order to combat this complacency, here are a few steps colleges and universities can take to get ahead of the threat:
1. Understand the various types of cyber attacks.
Knowing the variety of intrusion methods used can help you plan your defense strategy. A substantial number of intrusions occur through phishing, in which a user unwittingly shares his or her password with a hacker. Other methods include the stealth installation of malware on computers, “brute force” attacks where hackers simply guess at passwords, and exploitation of known system vulnerabilities. Sometimes, an intrusion can even be facilitated by careless data protection on the university’s part, such as a failure to use adequate encryption for personal information stored on its servers.
2. Invest in up-to-date software solutions to protect your systems.
While there’s no silver bullet, a robust package of anti-virus, anti-malware and firewall software installed throughout the system can erect hurdles to unscrupulous hackers looking for chinks in your armor.
3. Implement multilevel credentialing processes for IT users throughout the institution.
A strong password alone may not be sufficient to protect user accounts from intrusions. During one presentation, Brian Rivers and Holley Schramski of the University of Georgia discussed their institution’s new ArchPass system, which involves using a small device to generate a one-time numeric code that users must enter in addition to their passwords to access university systems. This added layer can help halt attacks, even when a hacker has access to a password.
4. Improve awareness across campus.
Take the time to educate stakeholders across your organization about best practices for protecting their data. Many attacks can be thwarted with common sense, such as not opening questionable emails and double checking site URLs before entering user credentials.
5. Act quickly to close vulnerabilities as soon as they appear.
With technology changing every day, standards for security protocols can quickly become obsolete, and savvy hackers can find new loopholes to exploit. Universities and colleges should monitor for potential vulnerabilities on an ongoing basis and, upon finding them, should quickly remedy them, either by patching them or implementing new systems as needed.
Data security will continue to be a problem in the coming years for all organizations, but ongoing vigilance can go a long way toward helping your institution both anticipate and quickly respond to potential breaches.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2014). Copyright © 2014 BDO USA, LLP. All rights reserved. www.bdo.com