The development of digital technology and the availability of cloud services facilitate the connectivity, data sharing, and research capability for individuals as well as for college and university staff and students. Scientists and college research divisions can access a broad array of information and collaborate with colleagues from all over the world, seamlessly and without exaggerated costs. However, all these benefits of using the internet technology for research and development also bring the potential for unallowed access by people who are looking for ways to steal or corrupt information that doesn’t belong to them.
In the last two years, we’ve seen multiple occurrences of cyberattacks against intellectual property security. Two most notable cyberattack events included WannaCry and Petya ransomware campaigns. The attackers used a vulnerability in the Windows operating system that was allowing them to block access to certain parts of the server until the victims decided to pay. Nevertheless, even if you pay the ransom to the executor of the breach, it’s impossible to be sure that all the information will be back and accessible. Therefore, it’s important to understand the most common data security risks, how to avoid the loss of intellectual property, and what to do in case you fall victim to ransomware or some other form of cyberattack.
Since institutions of higher education contain more than just research and collaboration data but also keep private student information, staff data, operational data and applications that maintain the work process, and many other sensitive pieces of information, there are multiple levels of threats and numerous ways in which an attack could occur. Let’s take a look at some of the most common digital security risks.
Cloud services safety
Since data centers require a lot of resources, most institutions of higher education decide to use cloud services which allow them to store their data on third-party servers whilst keeping the same level of operational process and usability comfort. However, it’s not an easy thing to transfer all the data to a third-party server that’s accessible via the internet, as these systems are easy to breach. Cloud security threats are, therefore, the main playfield for hackers which is why it’s important to make sure that the cloud service vendor is offering the level of security that fits the safety requirements needed for the protection of intellectual property.
The higher education security council developed a specialized tool that allows universities and colleges to assess the quality of the cloud service. Higher Education Cloud Vendor Assessment Tool allows the review of the quality of service to ensure the cloud vendor can meet the expectations.
Denial of service attack is a type of cybersecurity issue that firewalls and antivirus software can’t prevent, however, they can reduce the potential for an attack to take place. These forms of attack prevent users from accessing network resources by flooding the servers with information. DoS attacks most commonly occur in the form of email spam or data upload to a single or a group of computers on the network.
Malware attack represents unrequested installation of a piece of software which causes a system crash or disables normal network and data access. For example, you get a message on your e-mail from some writing companies that provide writing assistance and you think “that’s great, they can help me to write my essay for cheap“. You follow the link in your message, but you need to be aware that it could be just the attack.
Antivirus software and malware protection can keep a system secure up to a certain level, which is why it’s important to educate the staff on methods for identification, detection, and dealing with the malware threats. Federal Trade Commission offers a comprehensive Consumer Information guide on malware, which holds valuable tips and information regarding this threat.
One of the most common methods of cyberattack is Phishing. The reason why this threat is so common is that it’s easy to trick individuals into providing personal information without being aware they are victims of an attack. Phishing is when a person receives a link to a website that has a similar design and URL as a trusted page that requires login information. This could be a copy of the University website or a learning platform or any other page that requires login. The victim enters personal data that goes directly to the attacker. The only way to prevent phishing attacks is to train staff and all individuals with access to computers.
Unsecure personal devices
A wide array of institutions, especially colleges, and universities encourage “bring your own device” policy to facilitate sharing of information, social requirements, and cut the cost of obtaining technical equipment for everyone who would have the need. However, this policy comes with a risk because the more devices are connected to the network there is a higher chance of a security issue taking place.
The best way to ensure proper network and data security is to monitor the network, keep restricted levels of access, and installing security software that will deny access to untrusted resources.
Threat prevention and protection
The optimal method of preserving your intellectual property and ensuring network stability is to implement preventive and protective measures. These measures include various types of software as well as staff training, and implementation of security procedures. Here are some of the activities that are recommended for institutions of higher education.
Secure data storage
Regular data backups can help to avoid loss of information in case of an attack. Furthermore, backups allow security staff to compare backed up information with the recent data to detect if there are any corrupted files, applications, or other resources.
Access control and firewalls
Creating access control lists is the best way to ensure proper levels of access to the network, especially when we take into account “bring your own device” policy. However, it’s important to regularly update access lists to make sure that staff members or students who are no longer allowed access to the network are not on the access list, as well as to give higher clearance to those who have moved up on the security latter.
Firewalls limit the flow of information in and out of the network, thus providing safe information transit.
Develop security policies
Since there are different levels of access within most institutions of higher education like students, professors, visitors, other members of staff, all of them must be made aware of the threats of unsafe computer use. Creating policies that dictate the safe use of university computer resources is one of the most efficient methods of protection.
This security measure includes regular network scanning and vulnerability checking. In large systems, network scans can take a lot of time, which is why most institutions decide to hire professionals to perform network monitoring activities.
Colleges and Universities are large systems with a lot of users and massive data flow which makes them perfect targets for hackers. Besides, these institutions are home to valuable scientific and financial information which makes the prize even more compelling to attackers. For all these reasons, it’s of paramount importance to ensure networks stability and security. The protection of the intellectual property is best ensured through training of the faculty staff and implementation of all necessary security measures.