University of Rochester Data Breach Shows Vulnerabilities of Higher Learning

Published on
June 4, 2023


School may be out for summer, but students, staff, and administrators at the University of Rochester have just been advised to change all of their passwords following a data breach that is now being investigated by the FBI. While the full extent of the breach's impact on the University of Rochester is still unknown, it is reportedly just a small piece of a much larger attack: officials have confirmed that it is part of a data breach affecting 2,500 organizations worldwide.

Unfortunately, attacks of this nature are not uncommon for colleges and universities. Since 2005, there have been over 2,600 breaches with nearly 32 million records leaked. You may be asking yourself, why are malicious actors targeting colleges? The simple answer is what these attackers are always after - data, data, data.

Higher learning institutions have an incredible amount of personally identifiable and other sensitive information. These entities have nearly every detail about students, teachers, and other staff in their databases. Names, social security numbers, addresses, parental information, email addresses, social demographics, places of work, and more are all pieces of information that can be collected from these systems.

Beyond this personal data, financial data, which hackers love to find, steal, sell, and use, is also plentiful at these institutions. Loan information, bank account information, and more can be found for nearly every student. It is clear that these places of education are treasure troves of information, making them highly appealing to attackers.

With such important and desirable information available at these schools, it is important to take steps to lessen vulnerabilities and to try to prevent such attacks. Below are some considerations for keeping schools, students, staff, and alumni a little more protected when it comes to their precious data.

  • Cybersecurity education is key - While students who are majoring in computer information systems or cybersecurity may be well-versed in cyber threats and how to stay cyber safe, this should be something that students and staff alike become masters in. Universities and colleges should consider creating mandatory cybersecurity training for students to take regularly or even adding a cybersecurity education course to the general education (Gen Ed) requirements for the institution. Administrators and professors also need to be kept in the know; all key members should be made aware of IT/cybersecurity services available to them in case they should come across any potential hazards or concerns.
  • Test the systems often - Institutions themselves need to be sure to check their systems often and prioritize cybersecurity when looking at their annual budgets. Being good stewards of the data collected is key to maintaining trust from the key players associated with the school. Audit systems often in order to keep everyone’s sensitive information protected. This may even be a good chance for some senior cybersecurity majors to get some real-world experience by allowing them to assist with secure threat assessments with the guidance of their teachers and school IT staff.
  • Utilize strong, unique passwords - Encourage all students and staff to use strong, unique passwords. For school accounts, the university or college could prompt students at the beginning of each semester to update their passwords to be sure that the action is being taken. Keeping passwords different for various accounts is key to overall personal cybersecurity protection, and regular updating of login credentials helps to protect students in the event of a breach such as the one which hit the University of Rochester.
