Learning from cybersecurity incidents at institutions

According to University Business, higher education institutions have been the victims of 539 breaches involving nearly 13 million known records since 2005. With these attacks becoming increasingly sophisticated, it’s more important than ever for institutions to effectively safeguard their personal, intellectual and financial assets. 

Let’s review two recent examples that may help protect your institution.

Scenario 1: Vendor security

A higher education institution faced a recent hacking attempt through internet correspondence. Disguised as a vendor, the hacker sent an email to the institution with instructions to change the bank routing information for future electronic payments. The communication appeared to be legitimate in both design and verbiage. The institution changed the bank routing information as instructed in the communication. The subsequent payment to that vendor was not actually received by the vendor, but instead by the hacker. The institution learned that the hacker initiated the request using information obtained from the vendor’s records. The institution is currently working with the proper parties to retrieve the lost funds.

Lesson learned: When changes to vendor standing data are requested, it is recommended that an institution independently contact the vendor to validate the request. To ensure authenticity, use contact information for the vendor that you have previously used, rather than any details in the recent correspondence you received.

Scenario 2: Banking security

A higher education institution received a phone call requesting a change to the bank routing information for future electronic payments. In this attempt, the hacker altered the displayed phone number so that the call appeared to come directly from the vendor. The institution was suspicious of the requested change and called the vendor independently to confirm the request. The institution learned this was a hacking attempt and disallowed the change to the vendor standing data.

Lesson learned: Institutions should verify all requests for vendor standing data changes, especially banking information. Through continued education, employees will become more aware of possible fraud attempts and apply the appropriate internal controls to verify the legitimacy of requests.

Published in Higher Education
