Response from Michael Greene, CEO, Enzoic.
Higher education institutions in the US and abroad are increasingly becoming the target of cyberattacks. Reliance on digitized student records has given cybercriminals multiple avenues to access student information.
To accommodate the student, employee, and research needs, most higher education institutions maintain relatively open, accessible networks and systems. This presents a conundrum for schools: how to balance security needs while facilitating academic activities.
The risk to individual students is high: a breached student record delivers a comprehensive view of a student’s life including personal demographic data, academic records, financial information, and in some cases, even confidential medical data. Compounding these risks is the fact student records are retained for years after they leave the institution.
Students are often the source of potential data breaches. They need to be educated on cybersecurity hygiene principles including the risks with using old and outdated software programs and sharing login credentials with friends and other students. Another risk is downloading sensitive data to personal devices that are typically less protected than institution-owned computer systems or connecting personal devices to the school’s network.
Once connected to the school’s network, each of these personal devices pose additional vulnerabilities to the institution’s systems and many authentication solutions can only run on certain devices or devices that have certain technologies (like biometrics). Even if a school has robust security measures in place, the number of access points introduced by individual devices may unintentionally expose sensitive data.
Employee Data: The sheer variety and variability of employment statuses at academic institutions can create issues for IT departments who are charged with tracking and maintaining appropriate access for all employees as well as conducting cybersecurity awareness and training programs to prevent cyberattacks.
Affiliate Data: College and universities also keep sensitive data about applicants, parents, alumni, and donors.
Research Data: Sensitive data relating to government and corporate grants are most often housed in the departments that receive those grants or even on the devices of individual professors and graduate students who play key research roles. Institutions with large research programs tend to maintain proprietary information and data from external sources as well, including private companies and government entities.
Unlike corporate environments, most higher education institutions do not have a large IT budget and may lack an IT structure that can mandate implementation of new safeguards.
Credential and password screening coupled with ongoing monitoring needs to a critical part of a higher education institution’s security portfolio. This helps institutions strike the precarious balance of maintaining secure systems while preserving access to IT systems for academic pursuits.