Technology  |  April 2020

Securing Your Network: The Greatest Vulnerability is the Human Factor

by Phineas Dowling
DOWNLOAD         
When we picture “hacking” we might have an image from movies of an individual, sitting in a dark room in front of several monitors, furiously typing.

Worth noting here is that Dade had gained access to the TV station’s system initially by tricking a security guard into giving him information. Despite the absurdist overtones of the scene, one element is based on a truth: the human element makes the system most vulnerable.

Reducing Vulnerability

Network security is about reducing vulnerability through a variety of policies and practices to control and monitor access to a computer network. While this includes network and software solutions, such as anti-virus software, passwords, and firewalls, network security also depends on policies and training designed at keeping the human element of a network just as secure as the digital elements.

Although private institutions are not subject to the same FERPA restrictions as public schools, network breaches can come with a number of financial, legal, and reputational liabilities.

A security hacker is anyone who exploits vulnerabilities in network security. The most common goal is to access data or to lock out access to legitimate users for profit. The most common target is personally identifiable information (PII). This is information relating to an identifiable person including names, birthdates, social security numbers, locations, email addresses, phone numbers, credit card numbers, etc.

PII is generally sold in digital black markets and used to commit identity fraud. According to Javelin Strategy & Research’s annual identity fraud report, in 2017, 16.7 Million U.S. consumers were victims of identity fraud for a total of $16.8 Billion stolen. Javelin’s 2019 report shows a general decline in victims but a marked “resurgence of higher-impact fraud types such as new account fraud, account takeover, and misuse of non-card accounts.”

More victims are being targeted directly and forced to pay out of pocket in response to security breaches and ransomware attacks, where a hacker takes over an account or device and charges a “ransom” for returned access. PII data theft can be a lucrative business for hackers and devastating to individuals and the organizations targeted in these breaches.

Viruses Exploit Vulnerabilities, in People and Digital Networks

There is no such thing as an “unhackable” network, but universities can reduce possible exploits in the system and minimize the risk of a data breach. Your institution is likely doing a great deal on the technology side-using a variety of software and services designed for network security, such as anti-virus software and firewalls.

A major risk for most higher education institutions is that faculty and students most often access the network from personal devices and often from outside of the network. Every personal device and each login from off campus represents a possible vulnerability.

Students and researchers still need to be able to access the network from off campus, however. To manage this risk, most universities license a Virtual Private Network (VPN). These VPNs allow users access data from a public network as if they were directly connected to the private network.

Amidst this experience with COVID-19, though some universities are better prepared than others, all campus leaders must develop a clear and immediate plan to fully address students’ needs to access the campus network remotely, whatever the reason might be.

To reduce potential vulnerability when users access the network, your institution should use two-factor or multi-factor authentication.

Two-factor authentication (2FA) requires a user to present two (or more) pieces of evidence to authenticate who they are before access is granted. Typically, this means logging in on one device and confirming the login on a separate device, such as a cell phone.

Security Hygiene

Software and technological measures only go so far, as the greatest vulnerability remains the users of a network. Truly reducing risk and maintaining the integrity of your network security at your institution requires comprehensive training for users on network security policies and practices.

Most of these practices fall under “security hygiene.” Just as we are all reminded daily now of the importance of washing our hands thoroughly, these practices and routines are about making sure your network and devices are clean and healthy. Good security hygiene requires maintenance and vigilance.

Software and operating systems, for example, should be updated regularly. Updates are vital in reducing possible exploits for hackers. Likewise, setting up and maintaining a strong password to access the network. Strong passwords are hard to crack. It is also important to update passwords at least every three months, which can limit continuous or return access if there is a breach.

The importance of updates and passwords is pretty clear to most, but there are some aspects of security hygiene you might not have considered before. It is important to change your devices’ default settings. The California Institute of Technology’s Information Management Systems and Services warns that many devices, printers, and other equipment arrive pre-configured with default administration credentials that are well-known and routinely tried by hackers.

Like in the scene from Hackers, however, the greatest vulnerability is the users themselves. In the movie, the hacker used “social engineering” to deceive the security guard into giving him the information needed to access the network. Social engineering Social engineering occurs when someone lies or uses manipulation to convince people to divulge information or perform actions.

Phishing is a similar deception in which someone tries to obtain sensitive information such as usernames, passwords and financial details by pretending to be someone trustworthy, usually through email. Links and email addresses can be spoofed to look legitimate, so it is important that users have the proper training to know what to watch out for.

Prevention and Recovery

Good network security is not just about prevention but is also about how you recover after a data breach. MIT also has a Data Incident Response Team (DIRT), which is on hand to assess and assist with recovery from information security breaches. Such teams help shore up the breach, reduce liability from the breach, and help prevent future breaches.

Network security is ever-evolving as new threats and new solutions emerge. In the near future, many businesses and institutions will likely adopt AI-powered network detection and response (NDR) solutions, which continuously scan a network for harmful data.

Another solution that institutions will likely deploy soon is “zero-trust security.” A zero-trust model of network security, according to Microsoft, “assumes breach and verifies each request as though it originates from an open network.” Essentially, such a model is based on continuous authentication at multiple levels every time a device or user accesses a resource.

Although there are new procedures and policies developing every year to confront new challenges as they emerge, the best defense will always come down to how you prepare your people.

Thorough systems and practices, a robust suite of technological solutions, a risk-mitigating data classification plan, and comprehensive training will help limit vulnerabilities and protect your institution and your students.

DOWNLOAD         
About the Author
Phineas Dowling is a PhD candidate in literature at Auburn University where he teaches literature and composition. His dissertation is on Scottish identity and British literature of the long eighteenth century. In addition to his scholarship, Phineas has a strong interest in pedagogy and university administration.
Related Articles in Technology

The SportsArt Revolution

With offices around the world servicing 80 countries, SportsArt provides superlative technology and equipment that empowers fitness, medical, performance and residential communities to create healthy bodies and a healthy environment. SportsArt stands among the largest single-brand manufacturers in the world, serving as a shining industry example of how to foster positive environmental and social change with products that are inclusive, durable, energy efficient and cost effective.

Learning Better, Together: Capital University's Convergent Media Center

Adapted with permission from Capital University Taking a deliberate step into the future of higher education, Capital University’s Convergent Media Center (CMC) is a collaborative environment for faculty and students from current areas of study—ranging from communication and music to electronic media, film, creative writing, and more—to organically mingle and positively impact one another. Features such as active learning classrooms extend the site’s benefits to additional areas of study, including those that have traditionally relied on a lecture-based approach.

Display Trends for Higher Education

The front of the classroom display continues to be a main focus in today’s classrooms, with teachers relying on the displays to enhance their lessons and to keep students engaged. As display technology evolves, IT and facility managers have more options to choose from, depending on the size of the classroom or lecture hall.

Accessible Security Solutions

Safety and accessibility have been chief priorities in the higher education market for quite some time. Not only are campuses entrusted to ensure that students, staff, and faculty always remain safe, but colleges must also guarantee that any security and safety tools available on campus are accessible to every individual, including those with disabilities.

Safety First: Emergency Eyewashes and Safety Showers

Colleges and universities are responsible for providing reliable health and safety protocols for students and staff. University administrators must ensure that properly plumbed emergency eyewash and safety shower equipment is part of the safety plan for campus facilities that deal with chemicals and other hazardous materials.

Special Case Study Section

We are excited to introduce our special case study section as requested by our readers. These studies give you examples of the on-site application of products and services that benefit your campuses.
MORE
March 2024 Issue Now Available
Subscribe for Free
Available in Print & Digital Editions