Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

commonsent / February 16, 2023

Higher Ed has until June to Graduate their Cyber Security… Or Else!

When we talk about cyber security in education, it is not only for K through 12. Universities are an unfortunate target for cyber criminals as well, especially those that are smaller with fewer resources. As with small businesses, non-profits, and smaller city and county governments, most resources at a regional college or university are often stretched to the limit for academic use. Therefore, they are less likely to have robust cyber security programs.

In the very places where we need to cultivate the future talent of cyber security practitioners, we are not protecting them with the very skills they are taught. Unfortunately, this has serious implications for the students, the universities, and their alumni.

In just 2022, we know of at least 35 US colleges and universities hit with ransomware attacks. These include North Idaho College, Florida International University, North Carolina A&T University, Savannah College of Art and Design, and even Grand Valley State University in Michigan, which offers a degree in cyber security.

Stratford University in Virginia was hit with three ransomware attacks in 2022 alone! Then in August, the administration announced that the school would close at the end of the fall semester due to accreditation and finance issues. However, the fact that financial issues were part of the decision seems connected to having been attacked many times. At the very least, it indicates that once they were attacked, they did not take appropriate measures to shore up their defenses, allowing two additional attacks.

While Stratford had been open since 1976, another small college with a historic legacy faced a similar fate. Lincoln College in Illinois, named after the President who ended slavery, had opened in 1865. The historically black college or university (HBCU) administration cited the many challenges it had overcome in its 157-year existence, from economic crises, fires, and wars to pandemics (1918 and 2020). This time, however, the challenges of the pandemic necessitated exponentially accelerating the transition to remote learning and dependence on technology to survive. While holding on by a thread, the unthinkable happened when a ransomware attack hit Lincoln College in December of 2021, which made all systems for registration, academic files, finance, admissions, and fundraising inoperable.

College President David Gerlach stated that the school’s IT director assured him four months before the attack that they “were all protected” after another local college had been attacked. They were not.

In November, Xavier University in Louisiana, the only Catholic HBCU, fell victim to a cyber attack in which the personal information of over 44,000 students and vendors was breached.

Last week, another ransomware attack hit Mount Saint Mary College in New York.

The HBCU schools that help people to become educated and give back to their communities are doing good work. However, there are always bad people out there who will hurt anyone if it helps them to make a dollar. To that end, it is a critical function of these school administrators to ensure their systems, data, and operations are protected. Otherwise, they may be the next to have to close their doors for good.

Most of these institutions rely on financial aid programs and do not have the extra resources to implement network security programs to protect their vital information and systems.

To help these institutions implement the proper controls, the U.S. Department of Education has notified all institutions of higher education that handle federal financial aid data that they have until June 09, 2023, to comply with the Gramm-Leach-Bliley Act (GLBA) Cybersecurity Requirements for safeguarding customer information (student data) as it relates to Federal student financial aid programs (Title IV programs).

The requirements of the GLBA include administrative, technical, and physical safeguards of student financial aid data. Comprehensive programs must include nine elements that address the following:

  • Designation of a qualified, responsible individual to implement the program
  • A risk assessment
  • Implementation of safeguards to control the risks
  • Regular testing/monitoring
  • Policies and procedures
  • Plan for oversight of service providers
  • Continuous review of any changes that impact the information security program
  • Incident response plan
  • At least annual reporting to the institution on the information security program
