This Could Be The Year Of The University Hack

You’re a college freshman relishing in your newfound freedom. You wake up in your cramped dorm room, roll over and grab your laptop to check Facebook — but when you type in your password, it’s rejected.

Slightly annoyed, you pull on some clothes, grab your backpack and head to the local coffee shop, where your credit card is promptly declined. Frazzled and in desperate need of caffeine, you open your university email and learn the school’s network was hacked and your information is at risk — and it’s only Monday.

Universities Are A Data Gold Mine

Attacks against university networks and those who use them are on the rise. Symantec’s 2015 Internet Security Threat Report (ISTR) found that education was the third-most breached sector in 2014, accounting for 10 percent of total incidences — and that number is only expected to rise.

While many students think online threats consist only of cyberbullying, joining the university ranks means their threat risk has expanded. The intellectual property and sensitive data housed on university networks, including financial, health, academic and social records, are a data gold mine. And hackers can use this information to take over mobile devices and network accounts, max out credit cards, steal student loans and redirect existing funding to the hacker’s coffers.

With targeted attacks on the rise, protecting university networks has become increasingly challenging. Education institutions have large and complex environments, with a revolving door of students, faculty and staff — some of whom could be hackers themselves. Many universities also have open campuses, allowing visitors and community members to use facilities and Wi-Fi, which increases data traffic and accessibility.

There’s also the issue of oversharing personal information. College students, many of whom are away from home for the first time, often don’t see the harm in posting their location or complete birthday on social media, but hackers often use this information as their foundation to steal identities.

New Textbooks, Meal Plans And … Malware?

Gearing up for college isn’t just about buying textbooks and registering for classes anymore. As students plan to head back to school this year, it is important that they understand the rising threat of university network hacks and learn to recognize common attacks. According to Norton’s threat research, the three most frequent attacks against universities include:

  • Spear-phishing attacks. Spear-phishing is a targeted attack against a particular person to steal personal information, like login credentials or credit card information. Victims often receive personalized emails suggesting they (unwittingly) click on a malicious link, download malware or divulge sensitive information.
  • Watering hole attacks. In this type of attack, cybercriminals infect popular or frequently visited websites with malware. For example, last year hackers infiltrated the popular music review website, redirecting site visitors to another page that automatically downloaded malware onto the visitor’s computer.
  • Trojanized updates that pose as legitimate software updates. This relatively new attack form involves hiding malicious code in legitimate software updates the user will unsuspectingly accept.

There is no doubt that universities take security seriously, but students can take active steps to protect themselves online, both on and off campus, with the following tips:

What Happens In College Stays … Online. It may seem normal to enter your birthday or phone number when creating a profile on the latest social media network, but releasing this personal data over the Internet creates a digital footprint, which can be used to identify you. Be careful about what information you share online and review your accounts’ privacy settings. Symantec research found that social media scams increased by 70 percent in 2014, so think twice before clicking a strange link from a Facebook friend. You can protect your login credentials by using strong passwords and enabling two-step authentication. It’s an extra layer of protection for your account.

Connect To Wi-Fi Safely. Most public Wi-Fi and hotspots are notoriously unsecure, making them lucrative targets for criminals who can use attacks to capture anything you type, including login credentials and credit card numbers. Ask your local coffee shops and bookstores whether their Wi-Fi networks are protected and confirm the name of each hotspot before logging on. The next step would be to use a personal VPN; it’s an easy way to protect your data as it’s transmitted — almost like a secret code that only you and your VPN share.

Back Up Your Data. While a device is easy to replace, the data on it is not, and some of it is irreplaceable, such as term projects and homework, college memories and family photos. This is where a solid backup plan comes into play. Try to back up your smartphone on a daily basis. If you don’t have a personal computer with you, you can look into easy ways to back up your data in the cloud from your phone.

Use (Device) Protection! Devices play a huge role in our lives. Between writing homework, checking Snapchat or Twitter on the go and tracking important financial details, our laptops and smartphones help us manage and store information we use every day. Protect all of your devices, including your personal computers and mobile devices, from sophisticated attacks and loss with a multi-layered security solution like Norton Security.

Stay Alert And Be Proactive. The best way to stay ahead of a hacker is to make sure they can’t access your data in the first place. Change the password associated with your university account and connected devices (e.g., laptop, tablets, mobile phones and smartwatches) at least twice a semester, making sure that your software is up to date so you’re protected against the latest threats. And if you receive a suspicious email — immediately report it to university IT security. Criminals will often send phishing emails to network users to access their network credentials and other sensitive information.

We know that cyberthreats against universities and the students who attend them will continue to rise, but following security best practices and adhering to the university’s cybersecurity policy will help mitigate the risk.