In early April 2019, Georgia Tech announced that it was the target of a cyberattack that infiltrated its databases and stole personal information of up to 1.3 million current and former students, employees, and applicants.
Although the details of this attack are still developing, the announcement comes on the heels of charges filed in 2018 for a massive hacking scheme perpetrated against 144 US colleges and universities by a ring of Iranian hackers over a five year period.
Higher education institutions in the US and abroad are increasingly becoming the target of cyberattacks.
As high-profile attacks continue to make headlines, higher education IT departments must prioritize their budgets and personnel deployment to maintain effective security measures and heighten incident response. Understanding the special risks that face higher education is critical.
Higher education institutions are significant targets because of the massive volume of data they maintain, especially student records. Reliance on digitized student records have given cybercriminals multiple avenues to access student information.
The risk to individual students is high: a breached student record delivers a comprehensive view of a student’s life including personal demographic data, academic records, financial information, and in some cases, even confidential medical data. Compounding these risks is the fact student records are retained for years after they graduate or leave the institution .
Further, students themselves can be a source of potential data breaches. They may not be as familiar with cybersecurity hygiene principles, using old and outdated software programs and sharing login credentials with friends and other students.
IT system users – especially students – are often unaware that they are risking their school’s data security when downloading sensitive data to personal devices that are typically less protected than institution-owned computer systems. In addition, students may bring a number of devices to campus with the intent of connecting to the school’s network, including cell phones, tablets, gaming systems, and personal computers.
Once connected to the school’s network, each of these devices pose additional vulnerabilities to the institution’s systems and many authentication solutions can only run on certain devices or devices that have certain technologies (like biometrics). Even if an institution has robust security measures in place, the number of access points introduced by individual devices may unintentionally expose sensitive data.
To accommodate the student, employee, and research needs, most higher education institutions maintain relatively open, accessible networks and systems. This presents a conundrum many schools: how to balance security needs while facilitating academic activities.
Most universities have tried to strike this balance by creating decentralized data storage and housing sensitive data in many different locations, including departments, colleges, and central administration. A decentralized structure also means that different stakeholders are responsible for maintaining security measures.
Unlike corporate environments, most higher education institutions do not have a large IT budget and may lack an IT structure that can mandate implementation of new safeguards.
Credential and password screening is critical part of a higher education institution’s security portfolio. Ongoing monitoring of passwords is also critical. Using the right credential or password screening process helps institutions strike the precarious balance of maintaining secure systems while preserving access to IT systems for academic pursuits.
Currently, numerous higher education institutions use Enzoic to:
Our education sector customers typically seek to improve their password policies and ensure compliance with the current NIST 800-63B authentication guidelines. They can easily check when passwords are being created but also continuously monitor existing passwords. This allows higher ed institutions to reduce or eliminate periodic password resets, alleviate a help-desk burden and minimize frustration for students and staff.Josh Horwitz, COO, Enzoic
Enzoic is an affordable authentication solution that runs on all devices to better protect educational institutions with no friction for students and faculty.