Industries such as financial services and health care typically come to mind as common targets for these kind of attacks, but according to Jon Coller, the University of Saskatchewan’s chief information security officer, post-secondary institutions are experiencing an increase in both the frequency and sophistication of cyberattacks.
“Universities are prime targets, for a couple of reasons,” Coller said. “They collect and store a large volume of personal, financial and research data on behalf of faculty, staff and students, but by nature operate in a very open environment that encourages connectivity and collaboration with multiple stakeholders.”
When cyber breaches occur at universities, criminals introduce software to networks and devices that can collect or encrypt data.
The research, clinical or financial information that is stored on the device or network is then exposed publicly or held for ransom until a payment is made.
The risk to intellectual property, along with the recent cyberattacks at post-secondary institutions across the country, has prompted the university to re-examine its information technology (IT) security and data management strategies.
“The changes we began applying this past summer on computers and laptops significantly reduce the ability for infections to infiltrate a device or spread between individual computers,” Coller said. “We are also making updates to our university network which will put stricter barriers between university systems that house sensitive information and public devices that have the potential to be compromised.”
These advancements have helped to improve the overall security posture of the university. However, Coller touched on a couple of simple, but important ways individuals can help the university defend against attacks.
First, set strong eight-or-more character passwords on all accounts. Second, know how to identify and report phishing emails. According to Coller, the most common method cybercriminals use to gain access to an organization’s IT infrastructure is through an infected device.
“They do this by tricking the user into providing their credentials or install malicious software when the user clicks on an embedded web link or attachment,” he said.
Once the criminal gains access to the device, they attempt to infiltrate other locations on the network, or begin corrupting services. Information and Communications Technology (ICT) has now introduced new services to help secure university data and individual devices. DATASTORE, a high-capacity research storage solution, eliminates the risk of data loss or theft, Coller said. This free service is available to all researchers and provides up to three terabytes of data storage.
“We’ve also added Software Centre, which is basically the university’s app store,” Coller said. “Faculty and staff can download and install secure applications maintained by ICT and are continually updated with security patches from the software provider.”
To help educate members of the university on techniques used to defend against cyberattacks, ICT has also launched a new IT security website. This website includes lists of the common phishing attempts that have targeted the university and contains cyber safety-related training videos and resources.
Jody Gress is a communications specialist in Information and Communications Technology.