It’s the dream of many college hopefuls to get into big name universities and acquire the skills to lead successful careers. The same applies to hackers.

University servers are packed with hundreds of thousands of student and alumni social security numbers, addresses, phone numbers and more—all the necessary information for identity theft.

Unnecessarily sneaky hacker

“Aha! With the combined buying power of the 2017 class, I can buy… three pens.”

Aside from the goldmine of private information, university systems have been hacked to change grades and even mine for Bitcoins.

But interestingly enough, these hacking attempts aren’t necessarily the biggest threats to a university. They’re big media topics and should definitely be cause for concern, but there are larger threats out there—like the university’s own staff.

Larry Ponemon

Larry Ponemon, Founder of the Ponemon Institute

“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, Founder of the Ponemon Institute. “Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today.”

Solving this problem isn’t about getting rid of your work-study students. It’s about tightening how a university’s information is managed. Some common security holes include:

    1. The use of removable storage devices (USBs, DVDs or hard drives) to store or transfer sensitive data.
    2. Emails with confidential content being sent to the wrong recipients.
    3. Unsecured files on cloud storage.
    4. Laptops or other mobile devices that auto-save passwords.

Anticipating employee leaks can be incredibly difficult, but there are ways to tighten IT security.

    1. Start by assessing the institution’s overall information strategy, including how information is received, stored, accessed, shared and destroyed.
      • Is information saved in a secure repository that requires authentication before being viewed?
      • Are employees only granted access to need-to-know information?
      • Are records being destroyed in accordance with recordkeeping laws or university rules?
    2. Identify where human error can create security issues. For example, instead of sending sensitive content via email, send the location of the content within a secured repository (i.e. a hyperlink to a file stored in a document management system like Laserfiche). Even if the wrong email is entered, the recipient can’t access the file in the repository.
    3. Establish best practices for handling confidential information. This will create a standard that everyone can follow. It creates consistency and clarity in how to use, share and access this information.
    4. Routinely train employees. This goes hand-in-hand with the previous step. There’s no point in having an extensive guide if no one knows about it or isn’t updated on the latest changes. Repeated training and reinforcement will create a culture of safe information handling.

Defending against hacking attempts is definitely important, but statistically speaking, there are greater security dangers. Luckily, a university’s IT department does have a significant amount of control in preventing the more common security leaks.

Discover how Higher Education institutions around the world are using Enterprise Content Management software to maintain information security and automate many error prone processes. Download your free copy of “Quicker, Better, Safer: Higher Education“.

Enterprise Content Management Solutions for Higher Education Institutions

Some of the products and services listed on the Laserfiche Solution Exchange were not developed by Laserfiche. The recommendations and opinions expressed on the Laserfiche Solution Exchange are those of the person or persons posting the recommendations only, and they do not necessarily represent Laserfiche's opinion or recommendation of the product or service being reviewed. Laserfiche disclaims all liability resulting from your purchase or use of any non-Laserfiche software product or service listed on the site.