Although healthcare is number one in breaches, education comes in at number two. There were 562 breaches found between 2005 and 2014, representing about 15.5 million records. Data breaches come with a price tag, which includes the cost of notifying affected individuals, investigation, remediation, credit monitoring, legal expenses and any tangible cost of harm to one's reputation.
Many people prefer an O.F.F. (open, flat and fast) type of connection when it comes to being connected.
Open - to collaborate and share and be easily accessible (which works against protecting data)
Flat - with little separation of systems and data (increasing vulnerability)
Fast - having that constant need for a large internet bandwidth connection for data exchange (strains the budget)
Technical controls that help with network security include:
1.) Inventories to keep track of network hardware and devices
2.) Access control and data encryption protocols
3.) Regular scans to detect vulnerabilities
4.) Malware detection mechanisms
5.) Network firewalls
Implementations that most higher education systems should have include:
Keeping their incident response plan up to date; focusing on user education; social engineering attacks (including email malware encrypted files); compliance around credit card and FERPA regulations; and building a security framework to protect and research data, as well as acceptable use policies (AUPs) (Davis, n.d.).
The weak link in cybersecurity is humans. People need to be better educated, especially students, faculty and staff using technology in the education sector. Leaders really need to be aware because they are usually the number one target. Leaders are usually identified after the hacker has done their research on the organization. People over finance and in leadership positions are where malicious hackers can do the most damage, and hackers tend to go to those people first to see how vulnerable they are and what confidential information can be retrieved from them in the process.
To prevent breaches from occurring, regular searches must be performed and vulnerability scans should occur; system updates/patches can help with detecting suspicious activity and mitigating threats across the board.
So let's face it: malicious hackers will continue to get through education networks, as well as other networks, if students, faculty and staff members are not educated to the point where they understand that the information they possess can be reached by hackers if they do the wrong things, like trusting any and every website, e-mail and/or document that comes into their inbox.
Davis, D. (n.d.). Cybersecurity in Higher Education. United Educators. Retrieved from https://www.ue.org/about-ue/profiles-in-managing-risk/managing-cybersecurity-in-higher-education/