A Guide for Educational Institutions to Avoid Insider Threats

A Guide for Educational Institutions to Avoid Insider Threats

Cyber security has to now be as central to the safety of students and faculty as physical security is.

  • By Isaac Kohen
  • June 12, 2018

Across the US education institutions have to take on the task of managing sensitive information that are not just critical for the organization but also for each and every student’s and employee’s life going forward. One data breach is all it takes to cause not just financial harm to a person but in some cases physical harm if it was accessed by a malicious individual. With issues such as bullying, harassment, and increasing radicalization common among students and people in the community data security becomes ever more important.

When it comes to data security as we know it has become increasingly more about insider threats. This is different than the past where there was just a focus on securing the perimeter around where data was stored. Now with the digitization of everything, a data breach is simply a matter of unauthorized access. This is mainly due to how easy it is to duplicate or download data upon seeing it. Insiders who are usually employees, contractors, and third parties sometimes are threats. In 2017, The Dark Overlord hacker group managed to infiltrate Columbia Falls School District and acquiring the data from students, parents, and faculty of more than 30 schools in the region. This resulted in classes being cancelled for three days. Hackers used the data to harass parents with death threats against their children and to faculty. Their ransom letter even alluded to the Sandy Hook shooting incident.

Cyber security has to now be as central to the safety of students and faculty as physical security is. With the right data any malicious actor can be a significant threat. Thankfully there are some steps that institutions can take to ensure the safety of their community on campus. While some school districts struggle financially the tools and practices for security are often inexpensive with a lot of savings.

Security Education & Training

The value of education on a topic should be of no surprise to educational institutions. While most are prioritizing creating a safe space for students and educators to have optimal outcomes, cyber security remains a vulnerability for most places. In today’s environment incidents such as what happened with Dark Overlord are common, but they often happen with the negligent aid of an employee or some other insider with access to sensitive data. Someone who is part of administration or faculty may open a link in a suspicious email. That link may trigger a download of backdoor access malware or ransomware. This ultimately results in a data breach. Simple incidents such as downloading attachments or clicking links can put many people’s lives at risk. As many educators know just a set of powerpoint slides does not reinforce knowledge. Instead what is needed is training. Students already have their activity monitored when they sign in to school computers which of course allows schools to identify and act on threats. However, when it comes to administration, they are not always monitored as closely. Administration and educators alike need continuous training to master security. Focus on topics such as phishing, ransomware, incident response, and communication practices.

Monitoring

The monitoring of applications and emails helps to mitigate user’s risky behavior. Monitoring is more than viewing a session, it involves the analysis of network log data to learn about behavior patterns on the network and by each individual user. This is called behavioral analytics and it is an increasingly common technology that integrates the practice of log analysis with machine learning to understand insider threats on your network. At minimum emails, applications, and keystrokes on terminals and the network need to be monitored.

Prevention

Training and monitoring alone will not keep your campus safe. There needs to be policies and practices in place that mitigate the exposure of sensitive data in the first place. One of the easiest things to do on your campus right now is to review and manage permissions to sensitive data based on role. Additionally it would help to review what is defined as sensitive. If the campus has information about social media accounts of a student for example, a leak could bring harm to that student potentially. Another preventative measure to take is to structure tasks and work to minimize stress. When employees are under stress they make many more simple mistakes, like opening a suspicious attachment or link.

Insider threats are able to be mitigated. Campuses have some unique aspects about them but the underlying security measures that need to be taken are similar to other organizations. When it comes to students campuses are often much more proactive about security than they are about their own faculty. Be sure to treat every person with access to the network as a potential security threat. You can learn more about insider threats from the guide developed by the Carnegie Mellon CERT team.

About the Author

Isaac Kohen is the founder and CEO at Teramind Inc.

Featured

  • Black Hills State University Takes an Open, Scalable Approach to Video Security

    Black Hills State University recognized the need for a centralized video system to improve campus security and streamline operations. The university sought a solution that could unify its main campus with a satellite location, enable cross-department access, and scale with future growth. By implementing open platform video technology, BHSU laid the foundation for a comprehensive, flexible, and scalable security infrastructure. Read Now

  • Pennsylvania School Uses Locked, Rolling Security Grille to Control Spectators, Secure Building

    St. Jude School in Mountain Top, Pennsylvania, is a private Catholic elementary school that serves students from Pre-K through grade 8. Recognized as a Blue Ribbon School by the U.S. Department of Education, St. Jude offers diverse educational programs designed to foster a nurturing and challenging learning environment, and extracurricular activities like sports are an integral part of promoting teamwork, discipline, and physical fitness. Read Now

  • Fire-Rated Glazing Assemblies Modernize Academic and Social Hub

    In spring 2023, the University of Pittsburgh opened the doors to a seven-story west wing addition to Alan Magee Scaife Hall. The medical school building features several updated lecture halls, labs and classrooms. It also includes team-based learning and small group rooms as well as an entire floor dedicated to medical students. This floor is meant for students to congregate, study and build community. Read Now

  • Access Control Trends Continue to Strengthen School Safety Security

    Class period bells have been ringing across campuses for a few months now, but that doesn’t mean the subject of safety was fully settled before the start of the new school year. As one wise person once said, “It’s a journey, not a destination”. That’s why it remains a leading issue among administrators, faculty, students, and communities. Schools are striving to be at the top of their class when it comes to the ability to control access instantly and securely, monitor suspicious behavior accurately and consistently, and respond to threats immediately and effectively. Ultimately, they aim to provide a reassuring, comfortable, and conducive environment for a rich learning experience. These goals apply whether at a community college in Southern California, a major university in Pennsylvania, or a rural K-12 district in Michigan. Read Now

Most   Popular

Webinars