Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceEducation:University

How to keep cybercriminals off university campuses

By Rick McElroy
university campus

Image by Mimi Thian on Unsplash

June 29, 2022

Colleges and universities are increasingly difficult to get into, at least from a student’s perspective. But cybercriminals feel differently, as higher education institutions have been a common target for targeted ransomware attacks in recent months.

In fact, more than 1,000 schools in the United States fell victim to ransomware attacks over the past year alone. Institutions like Austin Peay State University, which recently experienced a cyberattack, have been forced to shut down their systems and temporarily suspend operations as a result of these attacks — causing chaos and major disruption. In a worst case scenario, Lincoln College announced they were forced to permanently shut down the 157-year-old university in part due to a ransomware attack.

Even more alarming is that these numbers are consistent with the trends seen in 2020, prompting the questions:

  • Why are universities at a higher risk of cyberattacks?
  • How can security leaders within these institutions work to prevent attacks moving forward?

Identifying the security gaps

There are a handful of security gaps most higher education institutions face that make them more vulnerable to cyberattacks.

First and foremost, a lack of cybersecurity awareness and training, limited funding, and resources stretched thin to stay on top of cyberattacks create the ideal environment for criminals to gain access to substantial amounts of personal student data or research data.

Additionally, many universities don’t effectively communicate with students and staff about the avenues being used by cybercriminals in order to penetrate the university’s network. For example, nefarious actors have the ability to simulate university communications or take advantage of new students and professors who are less likely to be able to identify these types of attacks.

Outdated applications also pose a major risk when it comes to the cybersecurity structure of higher education institutions. Both staff and students are extremely busy, meaning it is common for them to work with different applications across various networks daily. Most of the time, these applications are not always maintained and updated, creating holes in an organization’s security posture that attackers will leverage. Additionally, given that a majority of students are using their personal devices such as laptops and smartphones while on campus, it becomes incredibly difficult for the institution to build a strong cybersecurity structure as these devices are constantly connected to new and possible unsecured networks once students step off campus.

Strengthening security posture

In order to offset these issues, universities should consider the following best practices to strengthen their security posture.

  • Ensure proper security and awareness training programs: Every new staff member, including professors and operations crew, as well as students, should be required to complete a cybersecurity awareness training program before their device can be connected to the university’s network. This will arm new students and faculty with the basic cybersecurity knowledge they need to help protect both themselves and the university’s network. 
  • Invest in anti-phishing and anti-virus technology: While these types of technology can seem expensive up front, the impact they hold long-term is invaluable when it comes to protecting a university’s network. 
  • Increase visibility: Until higher learning institutions gain a better understanding of their overall attack surface — endpoints, network access, servers and virtual machines — they will not have the ability to quickly pinpoint the initial stages of a ransomware attack or isolate any compromised hosts in time.
  • Create a student-run Security Operations Center (SOC): This will not only help students gain experience within the cybersecurity field, but is a key step to alleviating the lack of staffing in the cybersecurity industry. 
  • Offer cybersecurity internships and classes: These courses are paramount to a cyber professional’s training. The opportunities would ideally be equipped with real-world scenarios that teach students how to handle a potential cyberattack when in the field.

Unfortunately for many higher education institutions, hindsight is 20/20 when it comes to reflecting on what could have been done following a cybersecurity breach. To defend against future attacks, universities need to take these threats seriously and implement stronger cybersecurity measures to remain vigilant in today’s shifting threat landscape.

KEYWORDS: campus safety cyber attack cyber security awareness phishing attack Security Operations Center (SOC) security training

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Vmwcb rick mcelroy headshot 01

Rick McElroy, Principal Cybersecurity Strategist for VMware, has 24 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has held security positions with the U.S. Department of Defense, and in several industries including retail, insurance, entertainment, cloud computing and higher education. McElroy’s experience ranges from performing penetration testing to building and leading security programs. McElroy is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CSIM), Certified in Risk and Information Systems Control (CRISC) and Certified in Cloud Security Knowledge (CCSK). As a United States Marine, McElroy’s work included physical security and counterterrorism services. His current role takes him all over the world working with organizations to improve their security strategies and speaking on security and privacy.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • New Executive, New Perspective

    CISOs face mounting pressure: Here’s how to help

    See More
  • security-burnout-freepik.jpg

    Hacking burnout: Addressing stress among security professionals

    See More
  • Employee burnout

    Bolstering defenses amid evolving threats & cyber pro burnout

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing