Dive Brief:
- About 77% of institutions are unprepared for IT attacks, according to Netwrix's IT Risks Survey, which included feedback from 723 IT professionals across various industries and countries.
- Respondents said employees are actually the top threat to the safety of IT systems, with 72% of institutions saying they don't even have a dedicated person to handle IT security and another 49% crediting security incidents to human behavior, rather than 37% reporting incidents due to malware, writes Campus Technology.
- Lack of budget was reported by 74% of respondents as being the main reason institutions hadn't taken a better approach to their IT security, with lack of participation from senior management being cited by 44%.
Dive Insight:
Higher education institutions are particularly vulnerable to cybersecurity attack, as campuses manage a massive amount of personal data every year. In fact, a report from Digital Citizen Alliance, "Cyber Criminals, College Credentials, and the Dark Web," explains .edu credentials are especially valuable to cyber criminals, because they can be used to purchase goods online often at discounted rates. The report found 13,930,176 email addresses and passwords belonging to faculty, staff and students could be purchased in the dark web.
But it's not just cyber theft that makes institutions vulnerable — it's also their staff and their systems management. Washington State University this year had to send out an email to 1 million of their students and staff that their personal information, including social security numbers, might have been stolen, when thieves broke into a safe, which contained a hard drive of data going back to 1998.
As more students enter campus demanding greater technology in the classroom, they will also expect their data to be kept safe by institution leaders. For this reason, it's important for administrators to invest resources in building solid IT security teams, as a data breach could be far costlier than their initial investment. Some easy steps to take include updating existing IT management facilities, transferring data on hardware to more secure locations on-site that are also in high locations so they cannot be flooded or easily accessed, considering outsourced cloud data management professional, and instituting two-factor authentification protocols on data encryption and storage.