Top 5 Reasons Why Educational Institutions Are Soft Targets for Phishing And Malware Attacks and 7 Ways to Prevent Them

Educational institutions are always considered soft targets for cyber attacks because they contain massive volumes of data, and many of them are often not adequately secure. Here is a look at their vulnerabilities and ways to prevent cyber attacks from compromising their information assets.

Despite the financial and manufacturing sectors being lucrative targets for cyberattacks due to their profitability, they are fortified by sophisticated cybersecurity measures, making them less accessible to threat actors. Conversely, the health and education sectors, rich with confidential client and customer data, are often viewed as more vulnerable targets due to comparatively less robust security practices. This vulnerability is particularly evident in higher education institutions, which often face a higher number of cyber incidents. Here we explore why educational institutions are soft targets for cyber threats like phishing and malware and how they can enhance their enterprise network systems’ confidentiality, integrity, and availability to better defend against these attacks.

Critical Threats Facing Educational Institutions in 2023

Educational institutions have a massive amount of data in their databases. Besides, many do not employ the most robust cybersecurity strategies to protect their information assets due to budgetary constraints and other reasons. In addition, the pandemic forced almost all institutions to conduct their classes online, and most were ill-equipped to do so. Thus, malicious actors got the opportunity to exploit their digital vulnerabilities and launch cyber attacks on their network systems. Here are some critical cyber threats facing the educational sector in 2023.

  1. Phishing: Statistically, educational institutions have the maximum number of social media users, making it attractive for malicious actors to launch social engineering attacks through phishing. The Verizon Report underscores phishing as the most critical threat to educational institutions.
  2. Malware/Ransomware: The FBI has stated in its alert that ransomware activity continues to plague the educational sector, including many colleges and K-12 schools in the US.
  3. Data Breaches: Since educational institutions contain significant volumes of confidential data but do not necessarily have robust cybersecurity measures, data breaches are a critical threat. IBM’s DBIR 2022 estimates the cost of a data breach in the educational sector to be around $3.86 million.
  4. Unpatched and outdated software: The Verizon Report shows that unpatched and outdated software systems rank amongst the primary causes of cyber attacks on educational institution information network systems.
  5. Cyberbullying: With almost every student having access to smartphones and the internet, instances of cyberbullying are on the rise. The Cyberbullying Research Center report states that about 37% of students have experienced cyberbullying.

Phishing and Malware Attacks Against Educational Institutions: Statistics

As evident from above, educational institutions are popular soft targets for malicious actors. The following statistics show a snapshot of the cyberattack landscape of the educational sector.

  • CISCO 2021 Report states that the educational sector is the second-highest targeted sector for phishing and malware attacks after financial institutions.
  • According to Emsisoft’s year-end report, 1981 schools were hit by ransomware attacks in 2022, almost double the number from 2021.
  • Educational institutions witnessed a steep increase of 75% in cyber attacks in 2022.

Why Are Educational Institutions a Soft Target For Phishing And Malware Attacks?

Cyber threat actors relish uncertainties, and the pandemic presented them with many on a platter, especially from the education sector, because a significant part of education switched to online, and most institutions were ill-equipped to handle the change. Moreover, educational institutions have been a perennial soft target for phishing and malware attacks. Here are some reasons for it.

Large volumes of research and confidential data

Educational institutions contain massive volumes of data, including student credentials, financial information, valuable intellectual property, and vast research data. Therefore, threat actors can access highly credible information if they infiltrate the educational institution’s information network systems, which makes schools, colleges, universities, and research centers lucrative targets for malicious actors.

Multiple people accessing educational network information systems

University campuses usually offer accessible Wi-Fi facilities to their students and users. Threat actors can use such networks and compromise Wi-Fi connections to launch ‘evil-twin’ attacks to exfiltrate confidential information from unsuspecting and insecure users. Since multiple people access the institution’s information network systems, it can be challenging to identify such attacks.

Perimeter focused environment

Usually, educational institutions focus on establishing a security perimeter to prevent malicious actors from accessing their networks. In the process, they concentrate less on insider threats and ignore the possibility that someone might have already accessed their information network system and already be creating mischief. Unfortunately, this myopic approach makes educational institutions vulnerable to advanced malicious actors.

Comparatively fewer security measures

Though university campuses and schools aim to secure their information network systems and prevent malware and phishing attacks, many have less stringent security measures than the financial and other business sectors, due to budgetary constraints and other reasons. Employing comparatively fewer security safeguards puts these institutions at a higher risk of a cyber attack.

Supposedly less awareness among users

While educational institutions are highly vulnerable, not all of them employ top-level cybersecurity professionals to oversee their security strategies. As a result, awareness is often lacking among the employees and vendors who access their systems. Besides, the steady stream of new students flowing into these institutions every year results in more users with lower awareness levels accessing various data. This widens the attack surface available to malicious actors for launching phishing and malware attacks.

Steps Educational Institutions Can Take to Prevent Malicious Attacks

As educational institutions are highly vulnerable to cyber attacks, securing their cybersecurity infrastructure becomes a top priority. The education sector can employ the following strategies to prevent malicious attacks and protect its information assets from data breaches and ransomware incidents.

Strengthen the Wi-Fi security using WPA3 connections and compatible devices

Every internet device must be WPA3 compliant today, as cybersecurity professionals globally consider this connection standard the most secure. Furthermore, since educational institutions usually offer free Wi-Fi to their students, employees, and other users within the campus, it becomes imperative to strengthen the Wi-Fi connections by using WPA3 protocols.

Improve incident detection and response, and data monitoring systems.

Traditionally, human error is a primary vulnerability that educational institutions and other organizations encounter. Therefore, they should improve their network and data monitoring systems to prevent malicious activities. Effective monitoring can help quarantine affected assets if malicious activity is identified in time. Secondly, there should be an increased focus on incident response strategies because time is crucial when an incident takes place. The longer the delay in responding to an incident, the greater the damage.

Keep network systems and devices up-to-date with vulnerability scanning and effective patch management.

Cyber attackers keep looking for new vulnerabilities and innovative ways to infiltrate information network systems. Therefore, educational institutions should ensure efficient vulnerability scanning and deploy appropriate patch management strategies to address cyber threats. The standard protective control measures include application firewalls, anti-virus software, intrusion prevention systems (IPS), data loss prevention (DLP), URL filtering, and email security.

Ensure effective IAM and PAM systems are in place.

Insider threats are challenging to detect because malicious actors, in that case, are people who know the systems and their vulnerabilities better than external attackers. Therefore, educational institutions should have proper network segmentation to prevent lateral and horizontal movement. In addition, they should employ effective IAM (Identity and Access Management) and PAM (Privileged Access Management) systems to ensure that authorized users get only activity-based access to the information network system following principles like ‘least privilege’ and ‘need to know.’

Improve user education and ensure proper user control measures.

Proper user education can help stop cyberattacks before they occur. Therefore, every educational institution should disseminate quality information on cyber hygiene and ensure suitable user control measures. For example, maintaining password hygiene can prevent data breaches and IoT attacks. In addition, proper cyber hygiene can help users identify phishing and social engineering attacks before they occur.

Hiring the right managed security service provider (MSSP) and advisors.

While encouraging users to maintain personal cyber hygiene is critical, educational institutions should also focus on hiring qualified managed security service providers (MSSPs) and advisors. Doing so helps the system remain updated with the latest and most robust security measures to prevent cyber attacks. In addition, quality cybersecurity staff ensure excellent backup support during emergencies.

Leverage specialized services.

Traditional anti-phishing software and tools can help deal with regular attacks. However, malicious actors employ advanced AI-based techniques to launch innovative attacks, prompting educational institutions to use specific AI-based tools for anti-phishing and state-of-the-art endpoint security. Specialized vendors provide these services, which help prevent phishing and malware attacks.

Parting Thoughts

Cyber threat actors often target the path of least resistance when attempting to breach information network systems. Regrettably, educational institutions frequently fall into this category due to often insufficient security measures and IT staffing to safeguard their data assets. This vulnerability makes these institutions appealing targets for cyber attackers. With these limitations in mind, it is crucial for these establishments to utilize cutting-edge AI-enabled anti-phishing tools and implement advanced cybersecurity strategies to safeguard user credentials and essential data assets.

Brad Hudson

Cybersecurity Practice Leader

About Columbia Advisory Group

Founded in Dallas in 2012, Columbia Advisory Group LLC (CAG) is an established IT consulting firm renowned for delivering cost-effective, meaningful, and practical IT solutions that solve complex business problems. Our seasoned teams offer comprehensive insight across diverse regulatory and economic environments, providing unbiased, straightforward analysis and recommendations. We pride ourselves on our deep understanding of IT while remaining software and hardware-agnostic. Regardless of your organization’s growth trajectory or economic landscape, we at CAG are adept at adapting to your unique needs and complexity, offering tailored solutions to drive your success.

Contact us at info@columbiaadvisory.com.

Why Salesforce Education Cloud is a Game-Changer for Higher Education Institutions

The rapidly evolving landscape of higher education demands innovative and efficient solutions to effectively manage student recruitment and alumni donations. Salesforce Education Cloud offers an ideal choice for institutions looking to streamline their processes and make data-driven decisions. In this blog post, we’ll explore the key features of Salesforce Education Cloud that make it a game-changer for higher education institutions.

Customizable Platform Tailored to Your Institution’s Needs

Salesforce Education Cloud is a highly customizable platform designed to cater to the specific needs of educational institutions. The platform can be tailored to fit the unique requirements of different institutions, enabling a more streamlined and efficient process for managing student recruitment and alumni donations (Salesforce, n.d.).

Centralized Database for Enhanced Data Management

One of the main advantages of Salesforce Education Cloud is its centralized database, which stores all information related to students, alumni, and prospective students in one place. This centralized approach simplifies data tracking and analysis, allowing institutions to make informed decisions about student recruitment and alumni donations (Salesforce, n.d.).

Seamless Integration with Other Systems

Salesforce Education Cloud integrates smoothly with a wide range of systems and applications, such as CRM and marketing automation tools (EDUCAUSE, 2021). This seamless integration makes it easier for institutions to manage the entire student lifecycle, from recruitment to alumni engagement, without the need for multiple disjointed systems. 

Automated Workflows for Increased Efficiency

The platform includes automated workflows that help higher education institutions manage student recruitment and alumni donations more efficiently. For instance, Salesforce Education Cloud can automate tasks like sending follow-up emails, tracking donations, and generating reports. This automation not only saves time but also reduces the likelihood of errors and inconsistencies (Salesforce, n.d.).

Powerful Data Analytics for Data-Driven Decision Making

Salesforce Education Cloud offers robust data analytics tools that enable institutions to track the effectiveness of their student recruitment and alumni donation campaigns (Salesforce, n.d.). By leveraging these tools, higher education institutions can make data-driven decisions and identify areas for improvement, ultimately optimizing their processes and strategies.

Salesforce Education Cloud is an all-encompassing solution for higher education institutions seeking to streamline their student recruitment and alumni donation processes. With its customizable platform, centralized database, seamless integration with other systems, automated workflows, and powerful data analytics tools, Salesforce Education Cloud is truly a game-changer for higher education institutions.

References

Salesforce. (n.d.). Education Cloud for Higher Ed. Salesforce.com. Retrieved from https://www.salesforce.com/solutions/industries/education/higher-ed/

EDUCAUSE. (2021). CRM in Higher Education: A Review of Constituent Relationship Management and Its Role in Higher Education. EDUCAUSE. Retrieved from https://www.educause.edu/research-and-publications/books/2021/crm-in-higher-education-a-review-of-constituent-relationship-management-and-its-role-in-higher-education

Sameer Vitvekar

Practice Leader

Data Analytics: A Key to Improving Student Retention and Success in Universities

Universities face an ever-increasing challenge of improving student retention and success, as well as reducing student loan debt. To tackle this challenge, universities can leverage the power of data analytics. By analyzing data related to student behavior, academic performance, and other factors, universities can gain valuable insights into what drives student success and how to support students effectively.

One major benefit of using data analytics in higher education is improved student retention. By analyzing data on student behavior and academic performance, universities can identify students who may be at risk of dropping out and intervene early to provide them with the support they need to persist. For example, Degree Analytics provides a retention analytics tool that uses machine learning to identify at-risk students based on factors such as GPA, course selection, and engagement with campus resources. By addressing these issues early on, universities can improve retention and reduce the number of students who drop out or take longer to graduate.

Another benefit of using data analytics in higher education is improving student success and on-time graduation rates. Universities can use data to understand what factors contribute to student success, such as academic preparation, engagement with campus resources, and personal factors. Based on this information, universities can design and implement programs and initiatives that support student success and improve on-time graduation rates.

Additionally, data analytics can also help universities reduce student loan debt by providing valuable insights into the cost of higher education. By analyzing data on student spending and borrowing patterns, universities can identify areas where they can reduce costs and make higher education more affordable for students. For example, Gartner predicts that by 2023, 40% of higher education institutions will use predictive analytics to optimize student loan and financial aid decisions, resulting in reduced student loan debt.

Data analytics is a powerful tool that can help universities improve student retention, success, and on-time graduation rates, as well as reduce student loan debt. By leveraging the power of data, universities can gain valuable insights into what drives student success and design programs and initiatives that support students effectively. It is essential for universities to embrace data analytics and use it to make data-driven decisions to improve the student experience and outcomes.

John D'Annunzio

SVP Business Development

About Columbia Advisory Group

Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at info@columbiaadvisory.com.

U.S. Department of Education Reinforces Compliance with Updated Safeguards Rule

On February 9, a significant update was issued by the U.S. Department of Education’s Federal Student Aid (FSA) office. The update pertains to compliance with the Safeguards Rule, a component of the Gramm-Leach-Bliley Act (GLBA) that deals with customer records and information security and confidentiality. The GLBA, as described by the Federal Trade Commission (FTC), sets out to provide a robust framework for financial institutions to protect their customers’ personal data.

The GLBA applies to institutions of higher education that engage in financial activities such as providing student loans or banking services. Non-compliance with GLBA regulations may lead to the loss of eligibility for federal funding, potentially impacting the institution’s ability to offer financial aid to students.

The notice from the FSA emphasized the FTC’s decision to bring the revised Safeguards Rule into effect from June 9, 2023. The update outlines the major points of the Safeguards Rule following modifications made by the FTC in December 2021, highlighting FSA’s expectations for compliance.

A critical aspect of the announcement lies in how it applies the GLBA-defined term “customer information” to higher education, the domain of FSA’s oversight. “Customer information,” as defined under the GLBA, refers to data obtained during the provision of financial services to a student, whether current or past. The scope of financial assistance can include administering Title III and Title IV programs, offering institutional loans, including income share agreements, or servicing a private education loan for a student.

The FSA notice zeroes in on two main provisions of the revised Safeguards Rule, set to become effective in June:

  1. The requirement for institutions to encrypt customer data both at rest within institutional systems and during transmission across external networks.
  2. The mandate for multi-factor authentication (MFA) for anyone accessing customer information via institutional systems.

These provisions underscore the FSA’s commitment to enhancing data security and privacy within higher education institutions. However, the notice also alludes to some uncertainties in the enforcement process for Safeguards Rule compliance. It mentions that the FSA will resolve compliance issues linked to the new Safeguards Rule provisions once they come into effect, primarily through institutional Corrective Action Plans (CAPs). It neither clarifies what “other means” could lead to a compliance investigation nor provides any framework for the CAPs that institutions need to create and execute.

The reference to “other means” may stir apprehension, echoing a situation years ago when an FSA official sent compliance notices based on media reports of alleged cybersecurity incidents. This necessitates clear communication from the FSA regarding potential triggers for compliance investigations, apart from federal single audit findings.

Concluding the notice, FSA reinforces the importance of institutions adopting the NIST SP 800-171 cybersecurity guidelines concerning federal student financial aid data. The federal government’s controlled unclassified information (CUI) regulations will soon mandate institutional compliance with NIST SP 800-171.

As these changes unfold, CAG is committed to closely collaborating with community members to ensure that FSA’s guidance and enforcement adequately address the regulations and compliance areas.

Where can I find more information?

For additional information, see FSA’s electronic announcement: Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements. If you have questions regarding the Department of Education’s enforcement of GLBA, please get in touch with FSA_IHECyberCompliance@ed.gov. More information is also available on the Federal Trade Commission’s website.

Brad Hudson

Cybersecurity Practice Leader

Why Data Governance Is Important to Higher Education

Data is an Asset

Data is a critical asset to higher education institutions, especially in today’s digital age, where vast amounts of data are being collected and analyzed to inform decision-making. According to the Education Data Initiative, college enrollment peaked in 2010, and statistics indicate enrollment had declined 9.6% by 2020. In addition, the U.S. Census Bureau indicates the number of postsecondary-eligible 18-year-olds will decrease starting in 2025. Data continues to play a critical role in helping postsecondary institutions remain competitive, make informed decisions about programs, reach strategic decisions, and allocate resources effectively.

Over the past decade, technology use in postsecondary education has increased significantly, driven by factors such as the growth of online and blended learning, the adoption of learning management systems (LMS), the use of mobile devices and apps, and the integration of data analytics and artificial intelligence (AI) tools. The more technology is used, the more sources of information there are to analyze, and the greater the complexity. Managing data effectively will be mandatory to leverage it.

Data Governance is a Crucial Aspect of Data Management

Data governance refers to the management of data assets to ensure accuracy, availability, integrity, and security. It encompasses policies, procedures, and practices that define how data is collected, stored, accessed, and shared across an organization. In higher education, data governance ensures that data is being used effectively to support student success, research, and institutional effectiveness. The Educause 2023 Horizon Action Plan recognizes the importance of data governance and recommends that higher education institutions prioritize this area.

There are several reasons why data governance is essential to higher education.

  • First and foremost, it ensures data accuracy and consistency. With so many data sources and systems in use across campuses, it is essential to have a standardized approach to data management to avoid inconsistencies and errors in reporting. This ensures that data is reliable and trustworthy, which is crucial when making decisions that impact students and the institution as a whole.
  • Second, data governance promotes data security and privacy. Higher education institutions collect and store vast amounts of sensitive data, including student records, financial information, and research data. Data governance policies and procedures help ensure that this data is secure and protected from unauthorized access or use.
  • Third, data governance enables effective decision-making. By establishing clear guidelines for data collection, analysis, and reporting, institutions can ensure that data is being used effectively to support decision-making at all levels of the organization. This can lead to better student outcomes, more efficient operations, and improved institutional effectiveness.
  • Finally, data governance promotes transparency and accountability. By establishing clear policies and procedures for data management, institutions can ensure that all stakeholders understand how data is being used and why. This promotes trust and accountability, which is essential in an era where data-driven decision-making is becoming increasingly prevalent.

In conclusion, data governance is critical to higher education institutions. By ensuring data accuracy, consistency, security, and privacy, promoting effective decision-making, and promoting transparency and accountability, data governance enables institutions to use data effectively to support student success and institutional effectiveness. As recommended by the Educause 2023 Horizon Action Plan, higher education institutions should prioritize data governance to ensure they are making the most of their data assets.

Dwight Moore

SVP Technical Services

Why is Organized Crime Targeting Higher Education with Ransomware?

Eastern European organized cybercrime organizations are intentionally targeting US Higher Education institutions with ransomware attacks because they believe that these organizations are vulnerable and easy targets. The goal of these attacks is to encrypt the organization’s data, making it inaccessible to the users, and then demand a ransom payment in exchange for the decryption key.

Higher education institutions are particularly vulnerable to ransomware attacks because they have large amounts of sensitive information, such as personal data, research data, and financial information, stored on their networks. They also have limited budgets and resources, which makes it difficult for them to implement and maintain effective security measures. Additionally, many higher education institutions have outdated systems and software, which are more susceptible to exploitation.

The cost-effective approach to preventing ransomware attacks on higher education institutions involves a combination of technical and non-technical measures.

Educause recommends institutions implement a comprehensive security framework that includes the following elements:

       • Network security: This includes the use of firewalls, intrusion detection systems, and antivirus software to prevent unauthorized access to the network.
       • Endpoint security: Including the use of antivirus software and other security tools on end-user devices, such as computers and smartphones, to protect against malware infections.
       • User awareness: Instituting training and communication educating users on safe computing practices, such as avoiding suspicious email attachments and not downloading software from untrusted sources.
       • Data backup and recovery: This involves regularly backing up important data and having a disaster recovery plan in place in case of a security breach.
       • Incident response plan: Institutions need a plan in place for responding to security incidents, such as ransomware attacks, to minimize the impact of the attack and reduce the recovery time.

Gartner recommends that institutions also implement the following measures:

       • Application control: Protocols controlling the execution of software on end-user devices to prevent the execution of malicious software.
       • File integrity monitoring: This involves monitoring the changes to files on the network to detect and prevent unauthorized changes.
       • Security information and event management (SIEM): Systematically collecting, analyzing, and reporting on security-related data to detect security incidents and respond to them.
       • Vulnerability management: Regularly scanning the network for vulnerabilities and patching them to prevent exploitation.

In addition to these technical measures, it is important for higher education institutions to have a culture of security, where data security is considered a top priority and all employees are trained on safe computing practices.

As Eastern European organized cybercrime organizations continually target US Higher Education institutions with ransomware attacks, the large amounts of sensitive information stored on their networks are vulnerable. A cost-effective approach to preventing these attacks involves a combination of technical and non-technical measures, such as network security, endpoint security, user awareness, data backup and recovery, and incident response planning. It is important for higher education institutions to have a culture of security and to educate their employees on safe computing practices.

Brad Hudson

Cybersecurity Practice Lead


Utilizing Technology and Data Analytics to Enhance Student Success in Higher Education

The role of technology in education has been growing rapidly in recent years, and higher education institutions have been embracing it to improve student success. Information Technology (IT) and data analytics are two tools that higher education officials can utilize to understand the factors that drive student success and allocate resources effectively. In this blog, we will explore how higher education officials can use IT and data analytics to improve student success and the potential benefits these tools can provide educational institutions.

Tracking Enrollment and Retention Rates

One of the most important aspects of higher education is student enrollment and retention rates. Higher education officials can use data analytics to track these rates and gain insights into the effectiveness of their recruitment and retention strategies. By analyzing student data, such as their academic performance and engagement with various programs and services, administrators can develop interventions to support students who are at risk of dropping out.

For example, the University of Maryland University College (UMUC) used predictive analytics to identify students who were at risk of dropping out. The analytics tool used student data such as grades, attendance, and engagement to identify students who were struggling. Based on this information, UMUC developed a student success program that provided customized support to these students. As a result, UMUC saw an 11% increase in retention rates and a 2.3% increase in graduation rates.

Evaluating Student Services

Student services such as tutoring, advising, and counseling are critical for student success. Higher education officials can use data analytics to evaluate these services’ effectiveness and identify improvement areas. By analyzing student usage data and feedback, administrators can allocate resources more effectively and provide better support to students.

For example, the University of Iowa used data analytics to evaluate its tutoring program. By analyzing usage data and feedback from students, the university identified areas for improvement and made changes to the tutoring program. As a result, the university saw a 19% increase in student participation in the tutoring program and a 10% increase in student satisfaction.

Monitoring Financial Performance

Higher education institutions are under constant pressure to manage their finances effectively. Data analytics can help administrators monitor the institution’s financial performance, such as revenue, expenses, and cost per student. This information can help administrators make data-driven decisions about resource allocation and identify areas for cost savings.

For example, the University of Kentucky used data analytics to monitor its financial performance. By analyzing data such as revenue, expenses, and enrollment, the university identified areas for cost savings and developed strategies to reduce expenses. As a result, the university was able to save $48 million over a five-year period.

Predictive Analytics

Predictive analytics can help higher education officials identify students who are at risk of dropping out or falling behind in their studies. By analyzing student data such as grades, attendance, and engagement, administrators can intervene early to support students and improve their chances of success.

For example, Georgia State University used predictive analytics to identify students who were at risk of dropping out. Based on this information, the university developed a student success program that provided customized support to these students. As a result, the university saw a 22% increase in graduation rates and a 6% increase in retention rates.

Personalized Learning

IT applications can be used to provide personalized learning experiences for students. By analyzing student data and preferences, administrators can develop customized learning pathways that meet each student’s unique needs and interests.

For example, Arizona State University used an adaptive learning platform to provide personalized learning experiences to students. The platform provided customized content and assessments to each student by analyzing student data and preferences. As a result, the university saw a 7% increase in student retention rates and a 5% increase in graduation rates.

Research-Based Data

Research-based data supports the potential benefits that IT applications can provide to educational institutions. A study conducted by the EDUCAUSE Center for Analysis and Research found that institutions that effectively use data analytics are more likely to have higher retention rates, graduation rates, and improved student satisfaction. Additionally, a National Center for Education Statistics report found that institutions that use data analytics to support student success are more likely to have higher graduation rates.

It is clear that IT and data analytics can provide significant benefits to higher education institutions. Higher education officials can improve student success and allocate resources more effectively by tracking enrollment and retention rates, evaluating student services, monitoring financial performance, using predictive analytics, and providing personalized learning experiences.

In addition, tracking enrollment, retention, and graduation rates, evaluating student services, and monitoring financial performance through data analytics can be extremely beneficial to educational institutions’ administration. Here are some key benefits of using data analytics for these purposes:

  1. Identify areas for improvement: Data analytics can help administrators identify areas where they need to improve their student services or recruitment efforts.

  2. Make data-driven decisions: Data analytics can help administrators make informed decisions about resource allocation, course offerings, and program development.

  3. Improve student success: Data analytics can help administrators develop interventions to support students who are at risk of dropping out or falling behind in their studies.

  4. Save money: Data analytics can help administrators identify areas for cost savings and reduce expenses.

  5. Increase revenue: Data analytics can help administrators identify opportunities for revenue growth, such as expanding enrollment or developing new programs.

Higher education officials can use IT and data analytics to improve student success by tracking enrollment and retention rates, evaluating student services, monitoring financial performance, using predictive analytics, and providing personalized learning experiences. These tools allow educational institutions to allocate resources more effectively, make data-driven decisions, and ultimately improve student success.

Sources:

“Analytics and Data-Driven Decision Making in Higher Education” by EDUCAUSE Center for Analysis and Research (ECAR) https://library.educause.edu/-/media/files/library/2018/3/ers1803.pdf

“Using Predictive Analytics to Improve Student Success and Retention” by the University of Maryland University College https://www.umgc.edu/academic-programs/cybersecurity-security-studies/upload/Using-Predictive-Analytics-to-Improve-Student-Success-and-Retention.pdf

“Using Analytics to Enhance Tutoring and Student Support Services” by the University of Iowa https://ir.uiowa.edu/cgi/viewcontent.cgi?article=1003&context=tutoring

“Using Data Analytics to Improve Financial Performance in Higher Education” by the University of Kentucky https://www.uky.edu/financialplanning/sites/www.uky.edu.financialplanning/files/Using%20Data%20Analytics%20to%20Improve%20Financial%20Performance%20in%20Higher%20Education.pdf

“Using Predictive Analytics to Improve Student Success at Georgia State University” by Educause https://er.educause.edu/articles/2016/3/using-predictive-analytics-to-improve-student-success-at-georgia-state-university

“Arizona State University: Using Adaptive Learning to Personalize the Learning Experience” by Educause https://library.educause.edu/resources/2018/2/arizona-state-university-using-adaptive-learning-to-personalize-the-learning-experience

“Using Data Analytics to Support Student Success” by the National Center for Education Statistics (NCES) https://nces.ed.gov/pubs2018/2018468.pdf

John D'Annunzio

SVP Business Development


When Should Higher Education CFOs consider using a Managed IT Service?

The role of technology in higher education has grown tremendously in recent years, with IT infrastructure playing a crucial part in the daily operations of universities. For higher education CFOs, maintaining a robust IT department can be challenging, and outsourcing to Managed IT Services can sometimes offer a more cost-effective and efficient alternative. According to Educause, MSPs can provide institutions with greater flexibility, scalability, and cost savings, as well as support for compliance and regulatory requirements. Similarly, Gartner suggests that MSPs can help higher education institutions stay current with emerging technologies and improve the efficiency and effectiveness of their IT operations. Here are some key examples of when higher education CFOs should consider using a Managed IT Services provider:

Limited Internal IT Resources
Higher education institutions often have limited internal IT resources, making it difficult to provide comprehensive IT support and services. According to Educause, MSPs can help fill the gap by providing additional resources to support the institution’s IT needs.

Lack of In-House Expertise
CFOs may find that their in-house IT teams lack expertise in certain areas, such as cybersecurity or cloud computing. Gartner suggests that MSPs can fill this knowledge gap by providing specialized expertise.

Need to Focus on Core Competencies
According to Educause, higher education institutions must focus on their core competencies, like providing education, research, and community services. Outsourcing IT management to a managed services provider allows the institution to focus on its core competencies while leaving IT management to experts.

Cost Savings
According to Gartner, MSPs can often help higher education institutions reduce costs associated with IT management by providing economies of scale and more efficient IT operations.

Compliance and Regulatory Requirements
Higher education institutions are subject to various regulatory and compliance requirements, such as HIPAA and FERPA. MSPs can help ensure institutions follow these requirements by providing regular security audits, threat management, and incident response services.

Scalability
As higher education institutions grow and evolve, their IT needs may also change. According to Gartner, MSPs can help institutions scale their IT operations as needed, ensuring they always have the resources necessary to support their IT needs.

New or Emerging Technologies
As Gartner points out, the field of IT is constantly evolving, and new technologies are always emerging. A managed IT services provider can help CFOs understand new technologies’ potential benefits and costs and assist with implementing and managing these new solutions.

According to Educause and Gartner, higher education CFOs should consider using MSPs when facing limited internal IT resources, lack of expertise in certain areas, need to focus on core competencies, need for cost savings, compliance requirements, scalability, and new or emerging technologies. MSPs can bring the necessary expertise, resources, and scalability for the IT department to thrive and support the institution’s growth.

Practical Advice and Recommendations

Before outsourcing IT operations, higher education CFOs should consider the following recommendations:

  1. Define the scope of services: Clearly outline the specific IT functions and services to be outsourced, and ensure that the Managed IT Service provider can meet these needs.

  2. Evaluate potential providers: Thoroughly assess them by reviewing their experience, technical expertise, and client testimonials.

  3. Establish performance metrics: Set clear performance metrics and service level agreements (SLAs) to ensure the Managed IT Service provider is held accountable for delivering the expected quality of service.

  4. Plan for a smooth transition: Develop a transition plan to minimize disruption to university operations during outsourcing.

Outsourcing IT functions to Managed IT Services can offer significant benefits for higher education institutions, including cost savings, access to expert technical resources, and improved security and compliance. However, it is crucial for CFOs to carefully assess their university’s specific needs and circumstances before deciding to outsource. By following the practical advice and recommendations outlined in this post, higher education CFOs can make informed decisions about outsourcing their IT operations to Managed IT Services.

Sources:

Educause. Outsourcing IT Services in Higher Education: Benefits and Challenges. Retrieved from https://www.educause.edu/research-and-publications/research/core-data-service

Gartner. 5 Best Practices for IT Outsourcing Success in Higher Education. Retrieved from https://www.gartner.com/en/industries/higher-education/insights/it-outsourcing

Haley Rose

Chief Marketing Officer


Columbia Advisory Group Selected to Continue Providing Texas A&M University System Best-in-Class Technology Services

"We selected CAG for this Agreement because of our previous experience with the company. They are fully committed to TAMUS success. We can always count on them to respond quickly when we need them."

DALLAS, TEXAS, UNITED STATES, April 18, 2023/EINPresswire.com/ — Columbia Advisory Group (CAG) has been selected by Texas A&M University System (TAMUS) to significantly lower the operating cost of delivering Student Information Services while providing enhanced support of audit and compliance functions.

“We selected CAG for this Agreement because of our previous experience with the company and its consultants. They are fully committed to TAMUS success. We can always count on them to respond quickly when we need them, do an outstanding job with some of the toughest issues, and help keep costs under control,” said Mark Stone, Chief Information Officer, Texas A&M University System. “We look forward to continuing to work with CAG across many technology challenges.”

“Our substantial experience with student information and related systems at several TAMUS campuses and many other higher education clients, and our ability to operate systems across many platforms efficiently and securely, has helped us again win the opportunity to provide these and other expanded services to all members,” said David McLaughlin, President and CEO of CAG. “Our team excels technically but also cares about the outcomes for our clients and students. Our trusted consultants have led us to become the first call to address key issues that arise.”

CAG will continue to provide Ellucian Banner support to Texas A&M University System and its members under this agreement, helping to integrate, update, patch, and maintain this critical business system. As Banner and other systems migrate to cloud environments, CAG can provide support to advise and manage those migrations. In addition, TAMUS has selected CAG to provide ancillary IT support for cybersecurity, infrastructure, application support, and IT project management as needs arise across the state.

About Columbia Advisory Group
Columbia Advisory Group (CAG) is a dynamic Information Technology (IT) consulting firm. An established and proven company with 100+ years of combined technology experience and business acumen, CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments. By focusing on simple, meaningful, and practical solutions combined with straightforward analysis and recommendations, CAG’s team has experience in many regulatory and economic environments with companies and organizations of all sizes. The industries represented among its clients include higher education, healthcare and pharmacy, private equity and venture capital, manufacturing, financial services, real estate, media and publishing. CAG offers a deep understanding of IT, and its solutions are software and hardware agnostic. Whether a client is high-growth or economically challenged, CAG can adapt to the complexities and nuances of that organization. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com.

About The Texas A&M University System
The Texas A&M University System is one of the largest systems of higher education in the nation, with a budget of $7.2 billion. Through a statewide network of 11 universities, a comprehensive health science center, eight state agencies, and the RELLIS Campus, the Texas A&M System educates more than 152,000 students and makes more than 24 million additional educational contacts through service and outreach programs each year. System-wide, research and development expenditures exceed $1 billion and help drive the state’s economy.

Haley Rose, CMO
Columbia Advisory Group
hrose@columbiaadvisory.com

How Can a Phishing Attack Lead to More Fatal Cybercrimes Like Ransomware, and How Can Educational Institutions Keep Them at Bay?

As phishing attacks continue to threaten individuals and organizations, educational institutions are particularly at risk due to the sensitive information they handle. This article will explore the connection between phishing attacks and ransomware and discuss practical strategies for educational institutions to protect themselves from such threats.

One of the biggest threats that all internet users face is phishing. Phishing schemes attempt to trick individuals into providing their personal information, such as login credentials and credit card numbers, to cybercriminals masquerading as legitimate sources. The consequences of falling for these schemes can be dire.

However, things can get much worse. Cybercriminals are also on the prowl for even more damaging attacks, such as ransomware hacks. Ransomware attacks can lock down critical information to prevent users from accessing it unless they pay the ransom demanded by the attackers.

Unfortunately, educational organizations are even more susceptible to these attacks due to the sensitive information they possess, such as student records, financial reports, and research data. This reality puts even more pressure on educational institutions to stay vigilant and proactive to avoid security breaches.

To ensure the safety and integrity of such sensitive data, educational institutions need to take proactive measures to avoid phishing and ransomware attacks. A robust security system is crucial in ensuring the confidentiality, integrity, and availability of sensitive data stored on the organization’s systems.

Reasons Phishing Attacks are Rampant

In 2020, phishing emails and websites were the most common entry points for ransomware, with over 610,000 unique phishing websites identified. The concerning trend has continued into 2023, highlighting the ongoing threat posed by phishing attacks in the current digital landscape. But how does phishing run rampant throughout the digital world? The following sections have an answer.

1. Use of AI-ML-based Tools by Attackers
Phishing attacks have become increasingly sophisticated with attackers’ use of AI-ML-based tools. These tools allow attackers to automate and personalize their attacks, making them more convincing and harder to detect. For instance, attackers use machine learning algorithms to create compelling phishing emails that mimic the writing style and language used by the victim’s contacts, making it easier to dupe the victim into falling for the scam. And with AI-related tools now widely available on the market, threat actors’ attacks have become more efficient, effective, and profitable.

2. Availability of Phishing Kits
Phishing kits have empowered threat actors by providing them with professionally written, pre-built tools that enable them to launch phishing attacks with minimal effort or expertise. These kits, available for purchase on the dark web, contain thousands of lines of code and can be easily configured based on the attacker’s campaign. Following such an approach allows threat actors to launch campaigns quickly and effortlessly, making it difficult for defenders to keep up with the rapidly changing threat landscape.

3. Inadequate Security Awareness
The most significant vulnerability malicious actors exploit is inadequate employee training on security awareness in some institutions, particularly regarding phishing and ransomware. This deficiency is the primary reason why such attacks continue to succeed. It can severely undermine employees’ ability to recognize phishing attacks and respond appropriately, resulting in devastating consequences. Failing to address this training and security gap leaves organizations vulnerable to threat actors who are all too eager to exploit it.

Understanding the Connection Between Phishing and Ransomware

Phishing has emerged as the primary vehicle for delivering ransomware, making it the most significant cyber threat to organizations in recent years. 78% of organizations experienced at least one ransomware attack in 2021, with 68% attributing the cause to direct email payload or second-stage malware delivery. In addition to that, IBM’s Cyber Resilient Organization Study identified the top three causes of ransomware as phishing (45%), malicious websites (22%), and social media (19%). Phishing and ransomware are closely related because phishing is one of the root methods for delivering ransomware.

The success of a ransomware attack often depends on the attackers’ ability to deliver the malware to the victim’s system, which is why they frequently use phishing emails as a delivery method. These social engineering schemes are carefully crafted to appear legitimate and customized to specific targets, making them difficult to identify. The sheer volume of emails received by individuals, especially students, also makes it challenging for them to scrutinize incoming emails and note suspicious red flags, which increases the number of successful phishing attacks.

Why are Educational Institutes Easy Targets for Phishing and Ransomware Threat Actors?

With limited IT resources, some educational institutes may be unable to keep up with patch management and other maintenance processes that keep systems safe from exploits. The inadequacy of cybersecurity countermeasures, limited IT resources, and the pressure to deliver educational services make schools and educational systems an attractive target for malicious actors.

Not all educational institutes are adequately immune to phishing and ransomware attacks, as revealed by an 18-year-old student named Bill Demirkapi at the recent Def Con hacker conference. Demirkapi revealed that his school’s software, including Blackboard’s Community Engagement software and Follett’s Student Information System, contained multiple vulnerabilities that could be exploited using SQL injection and XML inclusion attacks to steal PII (Personally Identifiable Information) or even manipulate grades.

Here are some recent ransomware attacks on school districts that show that not all educational institutes are safe:

    • Louisiana Schools: Three school districts in Louisiana were targeted by a ransomware attacker in July 2019. The attack crippled several phones and IT systems, and the state activated emergency cybersecurity powers to bring in the National Guard and cyber experts.
    • Columbia Falls School District: The school district was threatened by malicious actors with a data lockup expecting a ransom of $150,000. The attackers declared they would expose student names, addresses, and grades if they didn’t receive the demanded amount.
    • Syracuse: The New York City schools were hit with a ransomware attack that locked down one of their computer systems. The district paid the ransom, partially covered by insurance, but they were still locked out of their servers even after paying the ransom.

How Can a Phishing Attack Lead to More Fatal Cyberthreats Like Ransomware?

A phishing attack is a common and effective method used by threat actors to gain unauthorized access to sensitive data in educational institutes by tricking victims into disclosing personal information or downloading malware. While phishing attacks seem independent, they could be a first step to more severe cyber threats such as ransomware, malware, data theft, and more.

Malicious actors often use phishing attacks to deliver ransomware or malware payloads because they can customize phishing emails to target specific individuals. In a successful phishing attack, the attacker can introduce ransomware into the victim’s system, rendering their data inaccessible unless a ransom is paid, causing significant harm to the victim.

Strategies for Preventing Phishing and Ransomware Attacks in Educational Organizations

Here are a few practical strategies for preventing phishing and ransomware attacks in educational institutes:

    • Leveraging AI-Based Anti-Phishing Solutions: One vital strategy to prevent phishing and ransomware attacks in educational institutes is leveraging AI-based anti-phishing solutions. These solutions use machine learning algorithms to detect and block phishing emails before they reach their targets. They can also analyze email content and metadata to identify suspicious patterns and behavior, such as unusual IP addresses or domain names, and flag them for further investigation.
    • Engaging a Trusted Vendor or Managed Security Service Provider (MSSP): Engaging a trusted vendor or MSSP is critical in preventing phishing and ransomware attacks in educational institutes. These providers have the expertise, experience, and resources to provide comprehensive security solutions, including threat intelligence, risk assessments, vulnerability management, and incident response. They can help educational institutes implement security best practices and provide ongoing support.
    • Educate Faculty, Staff, and Students: Among the most effective ways to prevent phishing and ransomware attacks is educating everyone in the educational institution on the risks of such attacks. Conduct regular training sessions that help them identify and avoid suspicious emails, attachments, and links. This way, they can recognize phishing emails and report them to the IT department before any damage is done.
    • Implement a Strong Security Policy: The first step is establishing a robust security policy. School networks should block access to potentially risky sites, and student app downloads should be monitored and restricted. Educational institutions must also include mobile security in their cybersecurity strategies since threat actors often use mobile IoT devices, such as laptops, desktops, smartphones, or tablets, to gain access to the network. Testing IoT devices and implementing end-to-end encryption can significantly reduce the risk of attack.
    • Access Control Implementation: Given that educational institutions have a vast network of students, teachers, and staff, it is crucial to implement access control measures that limit each individual’s access to only the programs they require. IAM (Identity and Access Management) systems working on the ‘least-privilege’ and ‘need-to-know’ principles are found to help significantly in preventing malicious infiltration. Access control offers two critical advantages. Firstly, it prevents unauthorized individuals from accessing sensitive information. Secondly, it limits attackers’ ability to cause harm if they compromise someone’s account.
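The metadata checks described in the anti-phishing bullet above, as an added example that is not from the original article or from any vendor product: rule-based triage of one message's headers and links, standing in for the pattern analysis such tools automate. The `university.example` domain, both sample messages and the finding names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "university.example"  # assumption: the institution's mail domain
LINK_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "IT Help Desk" <helpdesk@univers1ty.example>
Reply-To: recovery@reset.example.net
To: student@university.example
Subject: Password expires today
Authentication-Results: mx.university.example; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Sign in at
<a href="http://portal.example.net/login">https://portal.university.example/login</a></p>
"""

SAMPLE_LEGIT = """\
From: "IT Help Desk" <helpdesk@university.example>
To: student@university.example
Subject: Scheduled maintenance
Authentication-Results: mx.university.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/html; charset="utf-8"

<p>Details are on <a href="https://portal.university.example/status">the status page</a>.</p>
"""


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def auth_failures(msg):
    """SPF/DKIM/DMARC mechanisms not recorded as 'pass'.

    Only trust Authentication-Results headers stamped by your own receiving server.
    """
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    return sorted(m for m in ("spf", "dkim", "dmarc") if found.get(m) != "pass")


def html_body(msg):
    """Concatenate the decoded text/html parts of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def mismatched_links(html):
    """(shown host, real host) pairs where link text names a host other than href's."""
    pairs = []
    for href, inner in LINK_RE.findall(html):
        real = (urlsplit(href).hostname or "").lower()
        shown = SHOWN_HOST_RE.search(re.sub(r"<[^>]+>", "", inner).lower())
        if shown and real and shown.group(1) != real:
            pairs.append((shown.group(1), real))
    return pairs


def triage(raw_message):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    sender = domain_of(msg.get("From"))
    reply_to = domain_of(msg.get("Reply-To"))
    if sender != TRUSTED_DOMAIN and 0 < edit_distance(sender, TRUSTED_DOMAIN) <= 2:
        findings.append("lookalike_sender_domain")
    if reply_to and reply_to != sender:
        findings.append("reply_to_domain_mismatch")
    failed = auth_failures(msg)
    if failed:
        findings.append("auth_not_passed:" + ",".join(failed))
    if mismatched_links(html_body(msg)):
        findings.append("link_text_href_mismatch")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_PHISH))
    print(triage(SAMPLE_LEGIT))
```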

Higher Ed must prioritize investing in modern and effective cybersecurity technologies to protect themselves against the constantly evolving threat of cybercrime.

Educational institutions face a significant threat from phishing attacks, which can escalate into more dangerous cyber threats like ransomware. To safeguard against such risks, educational institutes must proactively implement practical strategies for preventing and mitigating the damage caused by phishing attacks and other related cyber threats. This can be achieved by raising awareness among staff and students, implementing strong security measures, and working with experienced cybersecurity experts. By taking concrete steps, such as adopting AI-based anti-phishing solutions, educational institutes can keep their systems, data, and information assets secure from malicious actors.

Brad Hudson

VP of Cyber Security
