The Soft Academic Cybersecurity Underbelly
The school year is officially underway in the United States. The echoes of “goodbyes” between parents and kids in front of college dorms have faded and many a high school senior is close to deciding which institution to commit their next two-to-four years to.
Parents have every reason to be concerned with their children’s campus safety today. While many parents will conjure up images of scary active shooter scenes or violent protests, they quite rarely consider the campus’s cybersecurity.
The reality is that our colleges and universities have become a favorite target for hackers and scam artists. But why would somebody want to target our hallowed educational institutions? The answer is simple: Schools have all of our personal information and they usually keep it forever, stored on networks that are used by curious students and sheltered academics who make poor cybersecurity decisions, putting the entire corpus of information at risk.
It’s not just active students who have to worry, either. When considering which colleges to apply to, most applicants are concerned with the institution’s proximity to (or distance from) home, quality of education, available majors, athletics, and even party scene. (That last point should surprise all of nobody.)
The vast majority of Americans—students and parents—don’t think twice about sending an application filled with all their personal information to several schools, hoping for admission. Admissions offices at colleges and universities all over the country keep these records on file for all kinds of reasons. When you then throw in alumni services—updated addresses, family members, and financial information—it’s easy to see why colleges have become a goldmine for hackers.
Not Just Students
Take the example of this breach at Washington State University: A stolen hard drive contained information of people not even associated with the college but who were subjects in studies the university conducted. Simply put, universities store a staggering amount of personal information about a wide range of people. They are a prime target for attack.
It is no secret that college-aged individuals sometimes make poor decisions. In fact, it’s a fair bet that when you read the words “college-aged” and “poor decisions” in the same sentence, you automatically think of Animal House-style fraternity shenanigans and drunken revelry. While not every college student is a debauched partier, there’s a reason this stereotype persists.
This tendency for poor decision making is the same with cybersecurity. Those networks that have access to the goldmine of personal information are often used, maintained, and operated by college students. In the business world, one of the leading causes of breaches is user error—an employee clicking on a bad link in an email or using weak or poor passwords.
It is absolutely the same, worse even, on college campuses, and the hackers are noticing. In 2013, attackers breached the University of Delaware, compromising the information of 79,000 individuals. More recently, Oklahoma University and UCLA were also breached, affecting 29,000 and 30,000 people respectively. We are not alone either. The United Kingdom is experiencing the same types of attacks. According to this report, cyber-attacks on British universities have more than doubled. The reality is that hackers have figured out that many of these institutions are low hanging fruit.
Is There Even an Answer?
So, what is the solution? I think the simplest answer starts with education.
Parents and students need to know what information they’re giving away, and to whom. From there, they can take several simple actions to improve their cybersecurity. I outlined some tips in my previous article; while much of the blame and responsibility lies on the institutions themselves, some of these practices are things individuals can do as well.
Becoming more cybersecurity aware is a conversation we need to have with students, their parents, and everyone else. It’s hardly fair to send students out into the “real world” at such an immediate disadvantage and expect them not to lose their information at the first possible opportunity.