What is CyberAware?
CyberAware is the educational part of Lourdes University’s program to protect the private data entrusted to us. At Lourdes, cybersecurity is everyone’s responsibility. We take the safety of the private information of our students, faculty, and staff very seriously and are committed to earning the trust you place in us by safeguarding your most valuable resource – your identity.
Are universities really a target for cyber attacks?
Yes! Universities are considered a goldmine for cyber-criminals looking for troves of personal data. Because of the types of data that universities house – personally identifiable information, financial information, health data, research data, and much more – they are considered highly coveted targets for cyber attacks. A February 2017 ComputerWorld article details how one Russian hacker has been able to breach 63 U.S. and U.K. universities and government organizations since late 2016. Further, according to a recent Gemalto study, cyber attacks against universities increased by 103% from 2016 to 2017. This is why protecting our information is of the utmost importance and why it is important to understand how Lourdes, and you as an employee or student of the university, are prime targets for cyber attacks.
Additionally, major companies across the globe have been breached in recent months. These companies have entire teams of information security professionals and spend millions of dollars each year on cybersecurity technologies. Here are some resources related to some of the biggest hacks and data breaches in recent history:
- InformationIsBeautiful.com (updated regularly) – Interactive graph of the worst data breaches of all time
- CNN (Dec 2017) – 10 worst hacks of 2017
- Tom’s Guide (Oct 2017) – Worst breaches of all time
- Identity Force (Dec 2017) – Worst data breaches, so far…
Why should I be concerned with cybersecurity?
The very existence of Lourdes depends on our students continuing to trust in our ability to provide a solid education and professional services. Regulatory penalties, fines, and lawsuits divert scarce monetary resources away from our primary mission of educating students. Aside from the regulatory fines and penalties that can amount to millions of dollars, a data breach can potentially impact our ability to attract new students, may threaten our ability to offer federal financial aid to our students, and could jeopardize our ability to receive funding and/or data for research projects across campus. In fact, EAB, a leading higher education research consortium, recently conducted a study which concluded that the average data breach for a university in the U.S. costs the institution approximately $245 per record. This does not include any regulatory penalties that may be incurred as well.
Aren’t hackers just trying to break into our servers and databases?
No. The ultimate goal of any cyber-criminal is to gain access to the personal, financial, or health-related data stored in various electronic systems. Although there are sophisticated attack methods that people employ to break into these systems, the simplest and safest vector of attack is the people of the organization. A compromised set of login credentials can potentially yield access to a vast amount of protected information that is highly sought after by various criminal enterprises. Also, once a set of credentials is compromised, it is possible for cyber-criminals to go about their business undetected and unnoticed for some time. The right piece of malware on a computer can potentially capture all the machine’s activity, every keystroke made, and even send files stored on the computer to remote locations – all without your knowledge. Finally, what would you do if suddenly every file on your computer became completely inaccessible and encrypted so that it could not be opened? What would you pay to gain access to all of your files and documents? That can and does happen to victims of a ransomware attack.
If you are a person who handles any protected information – financial, medical, or personally identifiable – imagine what a cyber-criminal could do with your Lourdes login credentials or access to your Lourdes computer and/or administrative systems.
What can I do to protect myself and our data?
Become more aware of what the different types of cyberattacks look like and how to spot them. There are several different types of cyberattacks that are launched against the people of an organization. These include phishing, ransomware, spearphishing, business email compromise, whaling, and more. CSO, an online resource that “provides news, analysis and research on security and risk management,” published a concise description of the different types of phishing attacks.
Additionally, Lourdes has partnered with a leader in cybersecurity awareness and training, KnowBe4, to provide you with relevant and timely information on security, phishing, social engineering, and much more. There is a general cybersecurity awareness training that is required for all employees of Lourdes as well as many other learning opportunities available (some may be required based on your position, and others are optional).
What should I do if I suspect I am the target of phishing?
If you suspect an email may be phishing related, please forward the email in its entirety to firstname.lastname@example.org.
What should I do if I suspect I am the target of another form of cyber attack or that Lourdes protected information may have been compromised?
If you notice anything that could signal that your user credentials, computer, laptop, mobile device, or storage device may have been compromised or suspect the potential compromise of any Lourdes information, notify the ITS department immediately via email at email@example.com. Please provide as much information as possible as to why you suspect that protected data may have been compromised.