Spooky: How Cyber Villains Haunt Higher Ed
Compliance Corner – Issue 1.7
It’s that time of year again; the nights are darker, the shadows are longer, and the houses creek as they adjust to the change in temperature. Little ghosts and goblins will soon be traipsing through the neighborhood, in search of goodies.
Of course, I’m thinking of Halloween, but I’m also thinking about those OTHER ghosts and goblins – the cyber villains – lurking in the shadows of the world wide web, in search of a different type of goodie – our valuable data.
October is Cyber Security Awareness Month and you’ve probably seen the emails and maybe you’ve even taken stock of your own cyber-habits. By now, most of us have learned that we should use a different password for every online account; it should be at least 12 digits in length and difficult to guess. We take these precautions to protect ourselves and our families from bad actors trying to hack into our bank accounts, or worse, steal our identity.
But are we taking the same precautions to vanquish cyber villains in the workplace? And are we at any greater risk of cyber security threat because we work in higher ed?
The answer may send chills up your cyber spine.
According to Collegis Education, institutions of higher education are especially vulnerable to cyber attacks. There are several reasons why:
- Colleges teach and employ thousands of people, so they possess large quantities of personal information like names, addresses, social security numbers, dates of birth and bank account numbers
- Academia, by its very nature, is about sharing information, so many institutions of higher ed are designed for open access
- Cyber villains are drawn to the sensitive information at the heart of research conducted, and intellectual property created, in higher ed settings
- Faculty, staff and students often work remotely, and may login to the school’s server over unsecured networks
- Users inadvertently admit malware into their school’s network through personal devices, usually due to a lack of training
- Underfunded schools use outdated tech which is easier to breach
Cyber villains gave higher ed a real scare as colleges reduced staff and shifted to remote classes when the Covid-19 pandemic took its toll. With fewer people left to monitor systems on campus, one study estimates a 30% increase in cyber attacks across higher ed during July and August of 2020. This was an increase 5 times higher than that in other industries during the same period.
So if higher ed is a hallowed haunt for hackers, what can those of us who work and study at institutions of higher learning do to keep the Bogey Man at bay? Despite their tricks, there are some treats we can share in the form of tips from VCU’s own Chief Information Security Officer Dan Han to foil cyber villains. According to Han, “Everyone can help ensure the security of our information, whether personal or that of the university.”
So, as Cyber Security Awareness Month draws to a close, and as you wait for the little ghosts and goblins to knock on your door, remember who else is out there, hoping you’ll let your cyber guard down. By staying alert to suspicious emails and DUO push requests, by maintaining your password and logging in to VCU’s system over a secure network, and by accessing the VPN when using personal devices, we can each do our part to keep cyber security from getting spooky.
For questions or concerns regarding cyber security at VCU, contact the Information Security Office at (804) 828-2227 or [email protected].
To learn about the latest scams, visit the Information Security Office’s blog at https://blogs.vcu.edu/phishing/.
Source: “InfogGraphic – Cybersecurity in Higher Ed.” Collegis Education – Tech-Enabled Higher Ed Solutions, 14 pr. 2022, https://collegiseducation.com/infographics/cybersecurity-in-higher-ed-understanding-vulnerabilities-and-preventing-attacks