Equipping 51蹤獲 Against Cyber Threats
October 1, 2018
Cyber attacks happen every day, and any one of usstudent, staff, or facultycould be the point of a 51蹤獲 data breach.
Here are the numbers:
- In 2017, over 100 universities experienced a breach of confidential data.1
- 85% of data breaches are a result of unintentional human error (we call this the human factor).2
- Last year, nearly 500 51蹤獲ns were phished in a single day, giving attackers access to their email accounts and Google Drive.
Universities are prime targets for attacks and data breaches. If confidential information is lost or stolen, organizations are obligated to publicly inform their community and purchase identity theft protection for every affected individual.
A single data breach can cost a university millions of dollars:
School |
Data Breach |
Cost3 |
---|---|---|
An external hard drive went missing, with sensitive W9 data.4 |
Unknown |
|
Stolen, unencrypted laptop with confidential data.5 |
$2 million. |
|
An employee with access viewed patient medical records they shouldnt have.6 |
$2 million. |
|
An employee didnt use the correct privacy settings on a shared confidential document (with SSNs and FERPA-protected data).7 |
$7 million. |
|
A compromised network allowed hackers to access PII, SSNs, and financial information for staff, faculty, and alumni.8 |
$30 million. |
|
A safe was stolen, containing a hard drive with PII and SSNs.9 |
$100 million. |
Lets keep 51蹤獲 off of this list.
October is National Cybersecurity Awareness Month. Every October, organizations around the world encourage people to protect themselves, their families, and their workplaces against cyberthreats. You can on their website.
Our Information Security Program
In conjunction with National Cybersecurity Awareness Month, 51蹤獲's Information Security team is launching a new information security program for the university. Since the majority of cyber attacks and data breaches originate with human error, our program is primarily focused on equipping our community to recognize and respond to cyber threats.
Our program has 3 parts: Awareness, Training, and Simulated Phishing.
Awareness
From now on, well be sending out regular reminders about current cyberthreats, and how you can securely interact with technology. Our goal is to keep cybersecurity topics fresh in your mind, so that you feel equipped and confident to recognize and respond to threats.
Training
If youre an employee, youll receive annual cybersecurity training. The online training takes about an hour, and you can do it at your own pace. This keeps you informed, and keeps 51蹤獲 in compliance with cybersecurity regulations and standards. Training details will be announced soon.
Simulated Phishing
Lastly, we'll send simulated phishing emails to our employees in order to train our community to identify and report malicious emails. Phishing is the most common cyber threat, and it gets more sophisticated each year. Simulated phishing emails are designed to replicate current cyber threats and reinforce healthy online habits for our employees.
What to Expect
Well have a new cybersecurity theme for you next month. Youll hear from us by email, and well put up digital signs around campus to remind you about the months theme.
Thank you for teaming up with us to protect university data.
Until next time, stay secure.
References:
- Verizon Data Breach investigations Report Executive Summary:
- Verizon Data Breach Investigations Report:
- Data breaches have far-reaching costs and implications. In 2018, the per compromised record was $148. When confidential personal data is compromised an organization is obligated to notify and provide identity theft protection for each of the compromised individuals.
- Chapman College of Health and Behavioral Sciences:
- Pepperdine University Graphic:
- University of California, Berkeley Notice of data breach:
- OU shuts down fire sharing service after failing to protect thousands of students' records:
- Butler University breach notification:
- PII of 1 million compromised in Washington State University safe heist: The Washington State University case is a unique example in which the University did have cybersecurity insurance. While WSU experienced a $100 million+ data breach, the university , on top of their insurance costs.