UNTANGLING THE WEB

Posted on by EnvisionED
Untangling The Web

5 Things Every University Can Do To Curb Cyber Hacks

They are going to try. And if there is an opening, they will strike. According to the “2019 Verizon Data Breach Investigations Report,” the higher education system is plagued by errors, social engineering and inadequately secured email credentials, and is a big target for cyber hacks. According to the report, in 2018 there were 382 incidents, 99 with confirmed data disclosure reports, alone. The 12th annual report is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. Here are some of the best practices that can help prevent breaches:

Keep it clean — Many breaches are a result of poor security hygiene and a lack of attention to detail. Clean up human error where possible, then establish an asset and security baseline around internet-facing assets like web servers and cloud services.

Maintain integrity — Web application compromises now include code that can capture data entered into web forms. Consider adding file integrity monitoring in addition to patching operating systems and coding payment applications.

According to the “2019 Verizon Data Breach Investigations Report,” the higher education system is plagued by errors, social engineering and inadequately secured email credentials, and is a big target for cyber hacks.

Redouble your efforts — Two-factor authentication (2FA) everything. Use strong authentication on customer-facing applications, any remote access and cloud-based email. There are examples of 2FA vulnerabilities, but they don’t excuse lack of implementation.

Be wary of inside jobs — Track insider behavior by monitoring and logging access to sensitive data. Make it clear to staff and students just how good you are at recognizing fraudulent transactions.

Stay socially aware — Social attacks are effective ways to capture credentials. Monitor email for links and executables. Give your teams ways to report potential phishing or pretexting.