The New Age Threat: Mitigating Cyber Risks in Education

The New Age Threat: Mitigating Cyber Risks in Education

In the past year, cybercrimes and vulnerabilities have been firmly in the spotlight. Last year, as the world shifted to remote operations amid the COVID-19 pandemic, vulnerabilities became apparent as cybercriminals scored big. From the high-profile Colonial Pipeline attack to one that hits home for many education institutions, Blackbaud—  it is clear that cybercriminals do not discriminate and will attack anywhere they see a potential profit.

New cyber threats continue to emerge daily. Maintaining an effective cyber insurance policy and ensuring your institution's population practices proper cyber hygiene habits has never been more critical. Education institutions, in particular, must grapple with managing the vulnerabilities inherent in their systems, often with many access points.

Maintaining Cyber Hygiene

Establishing and maintaining proper cyber hygiene practices with your students, faculty and staff is an excellent first step in protecting your institution from an attack. Hackers may use tactics such as phishing to lure unsuspecting victims into giving them access to your network, which puts the entire institution and its data at risk. An article from The Digital Guardian highlights several steps your institution can take to establish a standard cyber hygiene plan for your institution. 

Some of these steps include:

  • Password Changes – Your students, faculty, and staff should regularly change their network passwords to prevent hackers from accessing their accounts. Complex passwords that are frequently changed can prevent many malicious cyber activities. 
  • Software Updates – Updating your software to the latest and most advanced version should be a part of your regularly scheduled cyber hygiene checklist. These updates can cover potential security soft spots in your network.
  • Manage New Installs – All programs installed on hardware issued by your institution should be documented and monitored.
  • Limit Admin Users – Ensure that only users who need admin access to your network are given admin status. Users who do not need admin access should be given more limited access.
  • Back-Up and Encrypt Your Data – All data should be regularly backed up and encrypted. This will ensure the safety of your data in the event of a breach and will often allow systems to get back up and running faster if an attack occurs.
  • Employ a Cybersecurity Framework – Employing an advanced cybersecurity framework, such as the NIST framework, can help strengthen your network's security. 
  • Multi-Factor Authentication -  This process helps confirm that digital users are who they say they are by requiring at least two pieces of evidence to prove their identity.

While this list is not all-encompassing, it provides a solid baseline example for cybersecurity measures all institutions should consider to decrease their network vulnerability.

Cyber Insurance is More Important Than Ever

Obtaining an adequate Cyber Liability policy is perhaps the most critical risk transfer strategy for limiting the financial impact of a cyber-related event.

However, many institutions may still have questions about procuring coverage. Below, you'll find answers to several questions regarding Cyber Liability coverage adopted from RCM&D's "Introduction to Cyber Insurance" document.

What exactly does a Cyber Liability policy cover?

When your organization experiences a security or privacy incident, a cyber insurance policy covers costs addressing the situation.

These costs include:

  • Identifying and addressing the breach
  • Recovering data
  • Notifying your students, faculty and staff
  • Legal expenses
  • Potential fines
  • Ransomware extortion costs

Types of coverage include:

  • First-party coverage - Covers damages an insured organization incurs due to a suspected incident.
  • Third-party coverage - Covers legal fees and settlement costs incurred if a third party is impacted due to the insured organization's suspected incident.
  • Cybercrime - Covers damages suffered in conjunction with illegal activity that has occurred using digital means. This includes damages due to ransomware, social engineering fraud, phishing and wire transfer fraud.
If my institution already has established proper cyber hygiene practices, why do I need Cyber Liability coverage?

While having well-thought-out cyber hygiene practices can help your institution mitigate risk, new threats and attacks are constantly emerging, especially in an environment growing increasingly more reliant on remote operations. Human error and phishing schemes can also breach even the most technologically prepared institutions. A cyber policy can also respond to third-party threats that your institution has less control over, such as a cyberattack on a vendor (i.e., Blackbaud) or data management service.

Is my institution currently equipped to handle a cyber incident?

For most institutions, the answer is no, as employees do not have the expertise
or time to respond to a security or privacy incident. This is why the breach coach service provided within a cyber insurance policy is so valuable. The breach coach will guide the insured organization through all facets of the incident response process (assessing legal ramifications, conducting forensic investigations, notifying impacted individuals, etc.), aiming to help the institution get its operation back up and running as quickly as possible.

Any Questions?

Protecting your institution from cyber threats is becoming more important on a daily basis. Without having strategies in place, your operations and the personal data of your students, faculty and staff are at risk. Talk to a trusted RCM&D advisor today for more risk mitigation strategies that can help your institution stay connected and stay protected.