By Geraldine Plott, CPCU, FCLA, SCLA, AIC, ARM, AIS, AINS, CIIP, DAE, CLP-A
A recent article from the Bank of America stated that our industry, as well as all businesses, are not alone in the fight against cybercrime. Colleges and universities have unique characteristics that make them a prime target to cybercrime. This is evidenced by a recent story concerning a public health sciences university being forced to pay over a million dollars after a ransomware attack, or a private college over 150 years old closing permanently after a cyberattack. Security breaches can result in loss of personal information, intellectual property, as well as sensitive data that could result in reputational damage.
The characteristics of college and university campuses make them attractive to cyber criminals. The emphasis on independence, free flow of ideas and the diversity of skills and backgrounds of both the student and the staff make cybersecurity a challenge. Open wifi across the campus, in classrooms, libraries, labs, dorms, faculty and administrative offices increase the attraction to the threat. You add a diverse array of administrators, professors, employees, as well as students connecting to school networks, when and where they want makes these educational institutions ‘ripe for the picking’.
The pandemic helped with the technology of remote learning combined with a huge population of young people just beginning to live on their own and not truly concerned or aware of security issues. In this article by Bank of America it notes that education and research institutions saw a 114% increase in cyber incidents between 2020 and 2022. It also noted that this sector experienced the highest volume of attacks in any industry every month in 2021 and 2022.
These institutions house a huge amount of data, including intellectual property, as well as personal identifiable information from students, parents, staff and vendors. Stolen academic credentials are commonly trafficked by criminals. So how do these institutions guard against these threats?
First, they need to understand the risks involved, and educate and train faculty, staff and students. This needs to become part of the daily culture. Second, strengthen all user access protocols; perhaps using multifactor authentication. This should be an ongoing basis. Third, ensure all software is up to date; enlist anti-malware tools for the entire university population. Fourth, not only strong backup methods but for highly sensitive information the use of encryption to further reduce risks. Fifth, have a solid plan in the event of possible cybersecurity events; be prepared! And finally, build a culture of cybersecurity and engage leadership from every department. Empower students by not only educating them but also including them in the detection and planning process.
Cyberattacks disrupt classes/exams but also cost close to $4 million on average in 2022, not to mention reputational damages. This is not just an issue for the commercial industry; it’s an issue everyone should be aware of – Be prepared! Be vigilant!
Geraldine Plott, CPCU, FCLA, SCLA, AIC, ARM, AIS, AINS, CIIP, DAE, CLP-A entered the insurance industry in 1974 and became a member of IAIP in 2002. She has held a variety of positions in both and has always been a strong advocate for education and professional development. She is currently retired but remain an ‘insurance nerd’ and enjoy facilitating and conducting classes/seminars.