Cybersecurity threats: Is your institution vulnerable?

Higher education institutions have always had to worry about crimes such as fraud and embezzlement. But the dangers they face now are much more sophisticated — and can be far costlier.

According to the Ponemon Institute's latest U.S.-focused cyber crime report:

  • The financial impact of cyber crime has increased 82 percent over the past six years.
  • No industry is safe: during that six-year period, some industries have seen the cost of cyber crime increase by as much as $9 million.
  • It takes, on average, nearly 50 days and close to $2 million to resolve a cyber attack.

The bottom line? Falling prey to a cyber crime attack carries big financial penalties ... and those penalties are rising.

Costly consequences

One of the more sinister aspects of these breaches is just how far-reaching they can be. In June 2015, Harvard University experienced a cybersecurity breach that affected eight colleges and administrations and compromised the Harvard network login credentials of numerous website users. Following the breach, the university stated, "We notified the community as soon as we were confident that notification would not jeopardize our efforts to secure systems and limit damage from the intrusion, potentially making the situation much more difficult to resolve."

Harvard is far from the only victim of cybersecurity breaches in the academic world in recent years. Pennsylvania State University, University of Virginia, University of Connecticut and Johns Hopkins University are among those affected by cyber crime. According to Symantec's Internet Security Threat Report, 10 percent of reported security breaches impact the education sector.

Forewarned is forearmed

Here are some of the more common types of cyber attacks – each of which could pose a direct threat to your higher education institution and possibly even your clients.

Database breaches
In database breaches, also referred to as account takeovers, a form of identity theft occurs in which cyber thieves steal credentials such as account passwords and then execute fraudulent transactions. This theft can happen in a few different ways. One method uses keylogging software that records a user's keystrokes and sends them to the thief. Another method uses email "phishing" that tricks legitimate users into sending credentials to a bogus email account or entering them on a fake website.

Hackers accessed University of Calgary faculty records and doctored banking records in September 2015. As a result, 13 employees did not receive their paychecks on Friday, September 25. After the breach, the university locked and removed the infiltrated accounts.

DDoS attacks
Imagine your email inbox receiving millions of emails at once. This is one potential consequence of a distributed denial of service (DDoS) attack, during which hackers overwhelm servers. Other common results of DDoS attacks include degradation of Web or email resources, slow network performance and the inability to access some network resources. Most DDoS attacks last for several hours, creating a distraction that allows fraudulent transactions to take place undetected.

In 2015, Rutgers University experienced a DDoS attack, which hindered its Internet connectivity, Wi-Fi access and e-learning tools. The university had recently invested $3 million to safeguard its networks after several cybersecurity breaches.

Crimeware is malware that is installed on computers when users download files that seem innocuous but are intended to harm your device. The majority of crimeware programs are Trojans, which computer security software company Intel Security describes as follows:

"Trojans are usually disguised as benign or useful software that you download from the Internet, but they actually carry malicious code designed to do harm — thus their name."

Once installed, a Trojan can log everything you type, take screenshots of the websites you visit and steal personal information. Student and faculty usernames, passwords, credit card numbers and more can be accessed by hackers once a Trojan has been installed.

Take 5
Fortunately, there are ways a higher education institution can mitigate the risks associated with cyber attacks.

  1. Assess system vulnerabilities and other risk factors for all areas of the higher education institution and regularly review activity logs.
  2. Use all available security features and controls built into online and computer systems.
  3. Implement a comprehensive audit program.
  4. Implement an information technology security policy, enforce it and train employees on appropriate email and information safeguards.
  5. Ensure employees create strong passwords and that they update them regularly.

Unrelenting threats

While it is impossible to know when an attempt to attack your company's IT infrastructure might occur, it's relatively easy to begin taking proactive steps that will help ensure cyber crooks come away from your system empty-handed. Start today for a more secure tomorrow.

About Rehmann's Higher Education Group
Rehmann's Higher Education Group is a dedicated team that provides a range of services such as accounting, tax and assurance to higher education institutions throughout the Midwest and Florida. With experience in both private and public entities – including community colleges, public universities and private institutions – our advisors are ready to listen, collaborate and deliver solutions to help you achieve your goals.


Published in Higher Education
