Why the Education Sector Needs to Get Better at Cyber Hygiene
4) Strong Passwords and Multi-factor Authentication (MFA)
Strong and unique passwords are essential to protect higher education systems and data. The strongest passwords are at least 12 characters, made up of a combination of letters, numbers, and special characters. Complement passwords with MFA, which requires two forms of verification before granting system access, making it significantly harder for attackers to exploit stolen credentials.
5) Robust Backup Practices
Regularly back up critical data and store it in secure, offline locations. In the event of a ransomware attack or system failure, backups provide a lifeline for recovering data without paying ransom demands.
6) Enhanced Virtual Private Network (VPN) Security
As many institutions rely on VPNs, ensure they are secured with updated protocols, strong passwords, and MFA. This minimizes risks associated with remote access and prevents attackers from exploiting weak points.
7) Timely Software Updates and Patch Management
Promptly update systems, applications, and firmware to close known vulnerabilities that attackers often exploit. Implement automated updates whenever possible to prevent gaps between vulnerability discovery and patch deployment.
8) Network Segmentation
Isolate sensitive systems and data from broader network access to limit an attacker's ability to move laterally within the network during a breach. This measure reduces the scope and impact of the attack.
9) Data Encryption
Utilize encryption to protect sensitive information, including staff and student data as well as academic research. Encryption ensures that, even if data is intercepted, it remains unreadable without the proper decryption key.
10) Incident Response Plans
Develop and routinely test an incident response plan to enable swift and effective action in the event of a cyber incident. Regular simulations ensure that all stakeholders are prepared to minimize downtime and damage.
The fundamental principles of staying safe in a dynamic threat landscape remain unchanged. What must change is higher education institutions' willingness and commitment to embrace and implement them.
By drawing on lessons from past incidents, staying current with cybersecurity best practices, and implementing the above measures, higher education institutions can begin to close the vulnerabilities that ransomware groups like FOG exploit. These proactive steps not only enhance security but also safeguard the trust and reputation of educational organizations in an increasingly digital world.
About the Author
James Turgal is VP of global cyber risk and board relations at Optiv.