How To Protect Students and Staff from Phishing Attacks
Is it any wonder that for the third year in a row the top IT issue among Educause member institutions is information security – or that identity and access management, single sign-on and multifactor authentication are showing up on institutional security program roadmaps everywhere?
Keeping out the wrong people will go a long way in protecting your institution’s information. This report offers a straightforward process for doing that. What’s required is setting up three layers of protection: confirming that users are who they say they are, figuring out what’s known about them, and making sure they have access to the right applications and resources and no more.
Verizon’s annual “Data Breach Investigations Report” always makes for a gripping read. Security practitioners who study the threats profiled in its pages will be better positioned to defend against them. But in the 11 years the company has been collecting and consolidating data from numerous contributors to develop its findings, one aspect hasn’t changed. The two biggest threats leading to data breaches are compromised credentials, obtained through stolen or weak passwords, allowing the wrong people to pose as others.
Take this example. In March 2018 the U.S. Justice Department indicted nine Iranian hackers who, at the behest of their government, performed phishing scams on 100,000 American professors at 144 U.S.-based colleges and universities (as well as 176 schools in 21 other countries). Over the course of several years, the hackers were able to get into the email accounts of thousands of faculty members, enabling them to steal 31 terabytes of intellectual property worth an estimated $3.4 billion. How were some of the most brilliant people in the world tricked? Spear phishing emails sent to the victims indicated that the sender had read an article published recently by the pro