Due to the vast amount of sensitive data that they hold, educational institutions are a key target for cyberattacks. According to a recent report, ethical hackers were able to overcome UK university defences and obtain “high-value” data within two hours. In fact, universities and research centres have faced repeated attacks from bad actors, with over 200 institutions reporting more than 1,000 attempts to steal data or disrupt services last year.
As the holiday season approaches, many people tend to travel, and last-minute emails or reports may tempt students and faculty onto shared networks. But with valuable assets and data on public Wi-Fi access, comes great security risk and vulnerability.
Therefore, SecureAuth recommends the following on how educational bodies can reduce risk and defend against attacks:
• Employ secure access control
Username and password combinations are notorious for offering suboptimal security and educational organisations need an approach that protects the end user and sensitive information, while not hindering user experience. Adaptive authentication is one approach that provides world-class security without impacting usability. That’s because risk checks are completed without users being aware of it —multi-factor authentication is applied only if risks are detected.
• Deploy single-sign on authentication
The number of passwords students and staff must manage, grows daily, putting security at risk. However, by adopting a passwordless approach with single-sign on, the user is given a single set of credentials to remember, streamlining secure access to on-premises, mobile, cloud, VPN, and legacy resources while eliminating stored, passed, or synced credentials. If the identity is compromised, adaptive authentication ensures the attacker will be challenged with multi-factor authentication and/or denied access. Time savings with single sign-on and passwordless authentication can be significant.
• Be wary of public Wi-Fi
Public Wi-Fi is not monitored, nor is it secure. Cybercriminals can see individuals’ activity such as sites logged into, data being transferred and other information of what the user is doing. While away from the campus, staff and students should avoid visiting sites or conducting activity with sensitive or confidential information such as money transfers when connected to a public hotspot. Instead, they should wait until access can be achieved on a trusted network.
Karl Barton, International Channels and Alliances at SecureAuth, commented, “Educational institutions should be proactive about protecting valuable assets and data, especially when remote working is a key facet in the era of digital transformation and modern learning. For instance, forward-thinking security teams such as at The University of New Hampshire recognised the need for improved cybersecurity defences. They worked with SecureAuth to strengthen their security and protection while maintaining an easy experience for users, by applying modern access management solutions that secures over 26,000 users at any given moment.
By adopting modern identity security technologies, educational institutions can exponentially reduce the threat surface, enable user adoption and meet business demands with frictionless user experience driving engagement and productivity.”