

After a Cyber Attack: Dos and Don'ts for Higher Education IT Staff

For most colleges and universities, it's a question of when, not if, they will experience a cyber attack. Here are seven key considerations for handling the aftermath of a breach.

There is a treasure trove of sensitive and valuable information in higher education information systems that is tantalizing to hackers of all kinds. With networks that store the financial details of every student, faculty member, staff member, alumnus, research partner, and more, along with data such as names, addresses, Social Security numbers, passports, and healthcare data, colleges and universities are attractive targets. In fact, it is thought that an individual's educational records are worth around $265 on the black market.

Higher education in particular has a more "open access" culture and infrastructure than other organizations of similar size and complexity. Academic institutes employ various devices for recruiting, teaching, research, data storage, and other activities. Students, too, bring their own mobile devices to school for research and note-taking.

This substantially increases the vulnerability of the institution to attack. Unfortunately, despite their knowledge of how to use devices, students are often uninformed about the importance of cybersecurity. Many of their personal devices lack the proper security protocols, and when those devices connect to the school's WiFi, they can make it easier for hackers to breach the institution's network if it lacks the proper configurations and monitoring.

According to IBM Security's Cost of a Data Breach Report, the average cost of a data breach in the education industry increased from $3.79 million in 2020 to $3.86 million in 2022. Further, education remains one of the top 10 industries with the highest average total cost. And according to a recent Sophos report, 40% of victims in the higher education sector took more than a month to fully recover from a cyberattack in 2021. This is in stark contrast to the 10% of manufacturing and production companies that took an extended period of time to recover from a similar attack.

The sad truth is that for most schools, it is a question of when, not if, they will experience a cyber attack. So let's dive into the do's and don'ts for IT staff once an attack occurs.

After a Cyber Attack, Do:

Act as swiftly as possible to contain the attack. The quicker you can quarantine the issue, the better it will be for recovery. Cyber attacks on schools, particularly those that cause significant disruption, often make headlines and come under a great deal of scrutiny from parents, faculty, and the general public. It is important to have an efficient and timely response and recovery plan in place to minimize the damage of a breach before it becomes too severe.

Consider if you need to bring in outside resources to help. Ensure that there are no new indications of a breach and that security flaws have been remedied to stop malicious actors from regaining access to systems and networks. Educational institutions should then get in touch with their incident response firm, cyber insurance provider, and law enforcement before attempting to remove the threat.

Unfortunately, your current team may or may not be equipped to handle the problem on their own. Whether it's an issue of expertise, time constraints, or both, institutions of all types and sizes should have a service provider they can call to help with containment and recovery as part of their incident response plan.

Analyze what happened to improve security practices and incident response. There's a saying in cybersecurity that the cybersecurity team has to get it 100% right, but the criminal only needs to get it right once. Schools need to accept that there is no shame in being a victim of a cyber attack — the most important thing is analyzing what happened, what went right, and what went wrong, so the same mistakes can be avoided and schools can strive for continual improvement.
