Security in Education - Faculty, Employees and Administration
Remember your concerns when you were in school? Grades, appearance, coolness, location of the next party and all the other seemingly important things of life. None of these concerns relate to someone stealing your student loan funds or hacking (and releasing) your confidential files.
Unfortunately this is a real risk (based on real stories), and the following illustrates why Educational Institutions need excellent IT professionals to provide technology and security support.
Educators and Administrators already carry a tremendous burden of fueling the minds of tomorrow’s leaders. It seems a little ridiculous to expect them to be cyber security experts as well. Regardless, these individuals stand out as targets for conniving cyber criminals.
In this series, we’ll explore the Two-Step Phishing attacks on our sensitive organizations, starting with Educational Institutions.
Educators play huge roles in students’ lives. Dr. Brown was one of those critical mentors for me. Not only did his Finance classes pave the way for a great career, the wisdom he provided for solving life’s problems has been invaluable. Sadly, he is a valuable target for cyber criminals.
Should we expect every instructor to also be a cyber sleuth? Nope - that would be ridiculous. Educators already have an important area of expertise to focus on. Now, what if a compromise of your teacher’s email had costly repercussions for your future? Sadly, this risk is all too real for today’s students.
Just last month, a school district in California revealed a breach, discovered only after hackers spent months inside the district’s network. Through a single successful phishing campaign, attackers gained unfettered access to sensitive data on thousands of educators, employees and their families. The compromised data included employee (and family member) SSNs, employee doctors’ notes and medical information and even birth certificates of employees’ dependents.
These breaches are always devastating for everyone involved. The District has a huge notification burden, and families now carry the weight of the loss of privacy and identity theft risks.
This all-too-familiar story only highlights Step One of this attack. Unfortunately, this is a common result for organizations without a security training program for their employees.
This also brings up important FERPA security compliance issues - is the organization doing its best to protect the data of their educators and students?
INFIMA’s excellent partners provide the necessary security services to protect Educational Institutions.
In a later post, we’ll explore Step Two of this attack, with more real life examples.
Ready to learn more? Connect with us here!