The explosion of the social and digital landscape is shifting the way schools engage with students, faculty, and the larger community. This new paradigm requires student, faculty and campus protection onsite and online.
ZeroFOX sat down with Joe Carrigan, Sr. Security Engineer and Outreach Coordinator at Johns Hopkins University Security Institute and co-host of the Hacking Humans podcast, after their recent webinar titled “How to Safeguard Students, and Faculty, Protect Campuses and Promote Online Security”, to gain his perspective on social and digital security for colleges and universities.
Interview with Joe Carrigan
Q: What are the top areas of concern across the social media and digital platforms students and faculty use?
Joe Carrigan: Higher Ed should be aware of what the threats are, whether they are cyberbullying, fake accounts, or social engineering attacks – those are the things you are subjected to in the social networking world. And it’s always growing. Take Snapchat for example: 5 years ago it was just getting started and now it’s a big platform for people.
Pay attention to how your students communicate with each other, how they communicate with faculty and how faculty communicate with each other. Be aware of what the risks on those platforms are. One of the biggest risks I see in higher education surrounds the student body and faculty being targeted via phishing campaigns in an attempt to gain access to the HR system or student reporting system. Knowing that these threats can begin on social and other digital channels, it’s important for security and marketing teams alike to be aware of the risks associated with those channels.
Q: What risks does a bad actor pose to educational institutions?
JC: They are going to run the risk of trying to elicit information that shouldn’t be shared. They will rely on social engineering techniques to target students and faculty. Once they impersonate someone they will try to get access to gain information that is private. At Hopkins, one of our most valuable assets is our intellectual property. If it gets out, it can be detrimental.
Q: How do you protect your faculty, administration and high-profile staff and dignitaries (e.g., coaches, Regent Advisory Board members, visiting speakers) from social media threats?
JC: One thing about social is that it’s easy to look at someone’s profile and replicate an account. Imagine if a president’s or professor’s page was cloned and asked a student to send the work on the recent research project they are working on. How does the student know it isn’t their professor? Social platforms have communication tools, and a bad actor can use those tools to send out malicious links. You are more likely to click on a link if it looks like it is from someone you know.
Q: How do you ensure community and campus protection from digital and physical threats, particularly at high-profile events like sporting events?
JC: Using the ubiquity of these electronic devices that we carry, a lot of us are involved with social media on the devices. There is data out there that tells you what is going on around you. You can use it in concert with your physical security requirements (e.g., bag sizes), but again you need to be aware of the digital signals that are available to you. If you take advantage of having visibility to the digital risks, that can positively affect your security posture.
Steps colleges and universities can take to better protect students, faculty and campuses
- Gain visibility into physical threats before they take place: Physical threats often manifest themselves online before an actual attack takes place.
- Protect your brand: Educational institutions rely on brand awareness to drive fundraising, recruit new students and hire best-in-class faculty.
- Take down impersonating accounts: Monitoring your school’s digital presence will reveal potential attacks made against administration, students, alumni and followers of your school, helping maintain staff, community and campus protection.
- Know your digital exposure for data breaches and intellectual property: A data breach is typically associated with usernames and passwords, but personally identifiable information (PII) increases the value of the data, in some cases doubling it per record, according to the Ponemon Institute. In 2017, data breaches in the education sector jumped 167%, and with services like HaveIBeenPwned publishing a breach nearly every week, incident responders and technologists at these institutions should have a proactive and reactive plan for breaches.
- Stay ahead of vulnerabilities: Installing security and vulnerability scanners and receiving reports on known vulnerabilities within your systems will reduce their attack surface.
Moving forward, security, IT and marketing professionals at educational institutions should be one team that supports overall security, both physical and digital. Understanding how social and digital channels can be manipulated to threaten your campus, students and staff is a critical first step for addressing threats head-on. Through the monitoring, alerting and remediation of threats with the help of a digital visibility and protection partner, educational institutions can ensure they have the student, faculty and campus protection they need to stay safe online and at school.
Interested in learning more? Check out our recent report titled “Addressing Top Digital Risks Facing Educational Institutions” or our on-demand webinar titled “How to Safeguard Students, and Faculty, Protect Campuses and Promote Online Security”.