Major Challenges Require New Solutions
Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about the Education industry. It provides brief summaries and links to articles and news across a spectrum of cybersecurity and technology topics that are specific to the industry.The biggest part of phishing emails in education includes an attached invoice - users click on an infected link and the malicious process begins.
Phishing never ends – don’t get fooled by ‘attached invoice’
Campus Technology on October 15, 2018
Digital security vendor Cofense released the “State of Phishing Defense 2018” report providing some interesting statistics. According to it, the biggest part of phishing emails (about 66%) in education includes an attached invoice – users click on an infected link and the malicious process begins. 28% of attacks are based on a payment notification scheme while 6% of hackers try online order ploys.
Furthermore, seven of the top ten phishing campaigns put “invoice” in the subject header also using words like “payment remittance,” “statement” and “payment”. In most cases (nearly 55%) the main aim is to get user logins and access to the internal information.
To reduce the risks organizations should run phishing simulations and train users to view attachments suspiciously. As 45% of malware “lurks” in Microsoft Office macros, recipients need to disable macros in emails and block documents from both known malware sources and unknown sites.
Meet a new generation of network solutions in Higher Ed
EdTech Focus on HigherEd on October 15, 2018
Have a look at the new generation of solutions to overcome challenges of securing and simplifying university network management:
- Campus network demands can complicate security in different aspects.
Larry Brandolph, associate vice president and CISO at Temple University, relies on numerous vendors to provide technology to build and maintain Temple’s network. His team upgraded to a new firewall and took a better advantage of existing distributed denial of service defenses. Also, Brandolph picked six key items of the National Institute of Standards and Technology’s Cybersecurity Framework to assess Temple’s network.
- Campus cybersecurity is a moving target.
Pittsburg State University has moved from a flat architecture to the increasingly segmented one – the team upgraded to Fortinet firewalls to monitor malicious URLs and block them. Thus, an adapting security strategy at Pitt State leaves almost no chance for malefactors.
- Tight security means strategic hardware upgrades.
The proactive security strategy would be useless without a stable, redundant and recoverable network. Vice President and CIO at Johnson County Community College Tom Pagano needed three years to reach this goal. Moving about half of the college systems to the cloud and a series of comprehensive technology audits uplifted JCCC’s Microsoft environment.
- Peer-to-peer support helps universities stay secure.
Both small educational organizations and huge universities face the same threats. There are platforms like REN-ISAC that help institutions stay abreast of new threats and learn from their peers. So information-sharing becomes a really powerful solution in building a robust security system.
Election cybersecurity in the University of Minnesota program
EdScoop on October 22, 2018
The data security is a must in the election process. In these terms, the University of Minnesota included cybersecurity in its Election Administration program.
According to Doug Chapin, CEA faculty and steering committee member, an eternal under-resourcing of election officials and the growing politicization of election policy are the main challenges of the U.S. voting system. Thus, it requires election administrators to be well-trained in the latest technology and aware of legal and policy challenges facing the voting system.
Larry Jacobs, director of the Center for the Study of Politics and Governance in the Hubert H. Humphrey School said that the curriculum is aimed at students, looking to start a career in election administration as well as enabling current election officials to improve their skills in cybersecurity and data management.