Tenable Blog: Cyber Hygiene Education: Cybersecurity Summer Projects

By: Carlos Soto
August 30, 2016


Finding time to improve is never easy. Information security professionals within the education sector in particular seldom have the time to reexamine their practices or to implement new procedures during the school year. Compounding these constraints is the complexity of IT systems in colleges and universities.

Educational campuses are unique in the breadth of their IT missions. Not only must they serve large, mobile student populations, they also support the scientific and research needs of an academic staff while maintaining sensitive personal, academic, financial and medical records.

Cyber self-improvement is vital for schools, now more than ever. In April, the personal information of a Washington State school district was inadvertently released by the district after an outside party “spoofed” the email address from the superintendent. The email sought employee names, addresses, salary information and social security numbers.

Recently, certain Colorado schools experienced a security breach related to a proprietary platform called Infinite Campus. The Infinite Campus software stores personal and academic information, and may have released the personal information of over 2,000 students. Although several districts use the Infinite Campus platform, this compromised district expanded the collected data beyond grades, attendance and schedules to include highly confidential personal information. This may have been why they were targeted.

Most recently in Maine, a data breach widened as more employees complained of ID theft. In late March, district payroll employees received a phishing email which successfully tricked users into responding. The email asked for employee W-2 information. When several employees attempted to file tax returns this year, they discovered false ones had already been filed using their information.

Last summer, universities seemed to be more in the crosshairs as a flurry of cybersecurity incidents illustrated the growing threat facing higher education institutions.

  • The entire engineering school of a prominent Pennsylvania university had to be taken offline for an extensive investigation and clean-up of its network and systems.
  • Virginia universities were the target of a cyberattack against two officials whose work was connected with China.
  • Even one of our country’s oldest universities suffered a hack that compromised user credentials in eight schools.

For the Full Story Please Select Here