Let’s face it: these days, if your students don’t have internet access, you might as well close shop. With the technologies you have at your disposal, that’s not really a problem – until you realize that each network comes with its own security risks. Campus networks, in particular, are difficult to keep safe. Why? Imagine thousands of users, all using the network from their own devices and bringing in malware and viruses. You’re basically relying on your students to keep your network safe. Just thinking about it is enough to give you a headache.
So what can you do about it? Frankly, the details are murky. Each security software vendor touts its solution’s extensive features that will stop even the most cunning hacker. But you’ll soon find out that reality isn’t as cut-and-dried as they make it out to be. Read on to get a more accurate picture of today’s campus cybersecurity landscape, as well as some realistic solutions you can apply to your strategy.
Why are attackers targeting universities?
According to Symantec, in recent years, 10 percent of reported security breaches involved the education sector. Universities are targeted in particular because of their vast stores of personal data and expensive research, coupled with the numerous vulnerabilities created by the large number of network users.
Researchers have found almost 14 million .edu email addresses belonging to university students, faculty, staff and alumni for sale on the dark web. These addresses are valuable because they can be used to get discounts on laptops or tablets, and even access to sensitive data such as Social Security numbers, credit card data, passwords, home addresses, and phone numbers. It’s not just actual students who are being targeted. Admissions offices also hold private information like student Social Security numbers and addresses, as well as their families’ data from financial aid applications.
Phishing attacks, for example, are very popular among hackers targeting universities. These attacks steal passwords by sending users links to fake websites that look like the official ones. Phishing is already a big problem in corporate environments, where people have some experience with cyber attacks. Students, however, are more susceptible to falling for them, since they lack the experience to spot the scams. Phishing is so effective that, according to Duo Security, 70 percent of UK universities have fallen victim to such attacks.
Hackers love to target current trends, like creating fake guides or cheat apps for popular games, and, in this case, fake back-to-school apps. These compromised applications target kids and families who are getting ready for another school year. RiskIQ analyzed 9,343 active mobile apps, 1,182 (12.7%) of which were blacklisted. One method of spotting these fake apps would be to monitor permissions. If a game is requesting access to your call data and billing, it’s most likely trying to drain your account. Another way would be to look at the developer’s contact details: a free email address is a warning sign. Employees of reputable brands normally have email addresses on that company’s own domain, not Yahoo or Google.
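The two checks described above (permissions that do not fit the app's category, and a developer contact on a free mail domain) can be run over app listing metadata before an app is recommended to students. This is an added example, not RiskIQ's method: the category baseline, the free-mail list and the sample listings are assumptions constructed for illustration.

```python
# Added illustration: triage app listings with the two signals from the text.
FREE_MAIL = {"gmail.com", "googlemail.com", "yahoo.com"}  # assumed list, extend as needed

# Android permissions that touch calls, SMS or billing.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "call data",
    "android.permission.CALL_PHONE": "call data",
    "android.permission.SEND_SMS": "SMS sending",
    "com.android.vending.BILLING": "billing",
}

# Assumed baseline: sensitive permissions each category can plausibly justify.
EXPECTED = {
    "game": set(),
    "education": set(),
    "dialer": {"android.permission.READ_CALL_LOG", "android.permission.CALL_PHONE"},
}

def review_listing(app):
    """Return human-readable reasons to look closer at one app listing."""
    reasons = []
    allowed = EXPECTED.get(app["category"], set())
    for perm in sorted(set(app["permissions"])):
        if perm in SENSITIVE and perm not in allowed:
            reasons.append(f"{app['category']} app requests {SENSITIVE[perm]} ({perm})")
    contact = app.get("developer_email", "")
    # Compare the domain case-insensitively; "Dev@Gmail.com" is still free mail.
    domain = contact.rsplit("@", 1)[-1].strip().lower() if "@" in contact else ""
    if not domain:
        reasons.append("no usable developer contact address")
    elif domain in FREE_MAIL:
        reasons.append(f"developer contact uses free mail domain {domain}")
    return reasons

# Constructed sample listings (not real apps).
SAMPLES = [
    {"name": "School Planner", "category": "education",
     "permissions": ["android.permission.INTERNET"],
     "developer_email": "support@planner.example"},
    {"name": "Back2School Quiz Cheats", "category": "game",
     "permissions": ["android.permission.INTERNET", "android.permission.READ_CALL_LOG",
                     "com.android.vending.BILLING"],
     "developer_email": "Dev.Team@Gmail.com"},
]

def triage(listings):
    """Map app name to its reasons, keeping only listings with at least one."""
    return {a["name"]: r for a in listings if (r := review_listing(a))}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(name, *("\n  - " + r for r in reasons))
```

A listing with reasons attached is a candidate for manual review, not proof that the app is malicious.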
So what are universities doing about it?
Universities have started to take measures against cyber attacks, yet it’s safe to say that there’s still a long way to go. Higher education institutions are actually paying increased attention to their network security. In fact, according to a University Business survey, 47% of academic institutions planned to invest significantly in network and data security in 2017. Furthermore, 29% of respondents’ institutions were victims of cyber attacks in 2016. However, in a recent study, Tinfoil Security tested the networks of 557 state universities with a cross-site scripting (XSS) attack. The results were disappointing: 25 percent of them were vulnerable.
The main issue with protecting campus networks is the lack of control over their endpoints. It’s easy to protect endpoints when they’re under your control. However, each student on campus comes with his or her own number of devices. You’ve basically got your hands tied when it comes to their security. To counteract this, Mary Ann Blair, Carnegie Mellon’s chief information security officer, said that all their students are required to take a tech literacy course, in which cybersecurity is a focus. That way, students are made aware of the importance of cybersecurity and stay on guard if, for example, they’re sent a phishing email.
Courses are not always effective, of course. Some students may not pay attention or understand the concepts. Some might just not care. That’s when you need a fail-safe. Dennis Borin, a senior solutions architect at security company EfficientIP, which protects 75 campuses across the US, said that his company casts a wide net over the web traffic. That way, if they detect any suspicious activity, they can warn the student and even kick the device off the network if needed.
No such thing as 100% safe
In the end, simply acknowledging the issue is a big step towards protecting your campus network from attackers. Many universities don’t realize exactly how vulnerable their data is, and that’s holding them back from taking the right steps.
While cutting-edge security solutions do help, you can’t really get far if most of your students are oblivious to the threats lurking all around them. Try implementing awareness and training programs for new students to teach them how to stay alert while using the campus network and make sure that they’re not spreading malware by using infected devices. By combining the right protection tools with proper cybersecurity education, your fight against attackers will become much easier.
In the end, the truth is that campus networks will probably never be 100% secure. There’s just too much device traffic to keep everything under control. However, a joint approach will help you dramatically mitigate your risks and keep your students’ data – and yours – safe.