Cybersecurity in education remains a topic of high importance for institutions seeking to remain conscientious stewards of student, employee, and everyday data. Balancing the efficient and secure capture, storage, and distribution of information with the growing accessibility demands of administrators, faculty, and students is no easy task.
In 2021, 74% of ransomware attacks on higher ed institutions were successful. 56% of K12 schools worldwide reported ransomware attacks in the past year and the ransom demands are staggering.
There is a longstanding misperception that cybersecurity is controlled by IT and that it should be left to professionals to monitor and control. But this just isn’t true. In fact, everyday people have a huge role to play in cybersecurity threat prevention, detection, and remediation. According to an IBM intelligence report, 95% of breaches have human error as a significant contributing factor.
Everyday technology users are very much the first line of defense when it comes to thwarting cybercrime. Cybersecurity is generally more effective when responsibilities are shared throughout the institution.
With that, here are a few key best practices that anyone can implement today to enhance their own cybersecurity, the security of student and staff data, and create a more secure world for everyone.
Step 1: Watch Out for Phishing
Phishing – when a cybercriminal poses as a legitimate party in hopes of getting individuals to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents stem from a phishing attempt.
However, while phishing has gotten more sophisticated, keeping an eye out for typos, poor graphics and other suspicious characteristics can be a tell-tale sign that the content is potentially coming from a “phish.” If you think you have spotted a phishing attempt, be sure to report the incident so that internal IT teams and service providers can remediate the situation and prevent others from possibly becoming victims.
For higher education institutions, the W-2 scam has proven to be a common phishing attempt. This approach uses emails or phone calls to manipulate employees into providing confidential tax information of faculty and staff under the guise of a legitimate, often urgent, need for the information.
Step 2: Update Your Passwords and Use a Password Manager
Having unique, long, and complex passwords is one of the best ways to immediately boost your cybersecurity. Yet, only 43% of the public say that they “always” or “very often” use strong passwords. Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater,” once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts.
One of the biggest reasons that individuals repeat passwords is that it can be tough to remember all of the passwords you have. Fortunately, by using a password manager, individuals can securely store all of their unique passwords in one place. Meaning, people only have to remember one password. In addition, password managers are incredibly easy to use and can automatically plug-in stored passwords when you visit a site.
Step 3: Enable MFA or use SSO
Enabling multi-factor authentication (MFA) – which prompts a user to input a second set of verifying information such as a secure code sent to a mobile device or to sign-in via an authenticator app – is a hugely effective measure that anyone can use to drastically reduce the chances of a cybersecurity breach. In fact, according to Microsoft, MFA is 99.9 percent effective in preventing breaches. Therefore, it is a must for any individual that is looking to secure their devices and accounts.
Softdocs SSO
Recognizing that the cyber threat landscape facing education today has grown quite complex and continues to rapidly evolve, we’ve adopted cybersecurity as a key pillar of responsibility to our customers. In addition to receiving SOC 2 Type I and Type II compliance, we designed Etrieve from the ground up, to keep your data secure and to fit seamlessly into your institution through APIs, single-sign on (SSO), and a central access control policy.
Step 4: Activate Automatic Updates
Making sure devices are always up-to-date with the most recent versions is essential to preventing cybersecurity issues from cropping up. Cybersecurity is an ongoing effort, and updates are hugely important in helping to address vulnerabilities that have been uncovered as well as in providing ongoing maintenance.
This is even more important to consider when employing outdated legacy applications. When vendors provide limited support for legacy applications, development efforts related to ensuring the solution is secure and up to date is typically not a priority. For this reason, institutions should automate updates and patches.
Therefore, instead of trying to remember to check for updates or closing out of update notifications, enable automatic update installations whenever possible.
Softdocs Continuous Integration / Continuous Deployment (CI/CD)
Softdocs uses Azure pipelines to automatically deploy the latest release of tested code to our Etrieve Cloud customer environments on Saturday morning each week. Meaning they have the newest, most secure version of Etrieve directly each week, ensuring they have the latest features and bug fixes available soon as they are ready, no upgrade process required.