How Legal Teams and GCs Can Help Take on Cybersecurity in Higher Ed
"Great company, great products, great leadership, great people, great culture!"
"I love my team and peers. We are family, and we respect each other."
"NetDocuments encourages a good work/family balance."
"I feel respected and valued by leadership and my team."
"We work together and support/encourage each other to do our best work every day."
"From start to finish, my leaders are willing to guide me and let me try new things. This keeps work fresh, exciting, and fun so I don't burn out or get bored."
"I have clear direction in my work tasks and priorities. I also feel encouraged to put my family first and maintain a healthy work life balance."
"I work with highly motivated individuals who are smart and allow me to learn from them!"
"NetDocuments is committed to exceeding customer expectations by building leading products hosted in rock-solid environments."
"I'm empowered to try new things and think through processes and campaigns strategically. I can lean on my boss for support, but I'm not micromanaged, which is appreciated."
An estimated 20 million students enrolled in higher education programs throughout the US will require some form of online digital access. With this number continually increasing, it’s no surprise that cyberattacks against colleges, universities, and other institutions reached an all-time high in 2021 with a 50% increase across industries. Education and Research was the most targeted sector with an average of 1,605 weekly attacks — a 75% increase from the previous year.
<p>Education and Research was the most targeted sector for cyberattacks in 2021 with an average of 1,605 weekly attacks.</p>
Modern times have taught us that there are many advantages to remote and hybrid learning. For example, a business professional may choose to expand on their skills to advance within their career but cannot easily attend classes on a traditional campus. Remote learning enables increased opportunities to gain education through less traditional mediums where physical attendance is not required or necessary.
And while this has a positive impact by expanding the choices available to students pursuing undergraduate studies, it also adds to the amount of people accessing the institution’s systems from personal devices. This creates new avenues for cybercriminals to take advantage of aging or underperforming system vulnerabilities and user behaviors.
Legal Leading the Charge
Legal departments and General Counsel in higher education have a big stake in strengthening cybersecurity against potential attacks. Given the various types of sensitive and even highly confidential information, research data, and intellectual property their offices manage on a daily basis, legal teams themselves are a big target for cybercriminals with malicious intent.
Along with personally identifiable information (PII) — such as names, social security numbers, home addresses, and phone numbers of students and staff — colleges and universities also retain financial information from student aid and loan applications.
In some situations, protected health information (PHI) is kept on file. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is the primary law that provides guidelines for the oversight of access, usage, and disclosure of PHI. With steep penalties for rule violations , it is critical for higher ed legal teams to be prepared with reliable systems and processes that can ensure compliance and protect sensitive health-related data.
Ransomware and Beyond
One example of a cyberthreat quickly gaining speed is ransomware — a type of malicious software used to hold systems or data hostage until a ransom is paid. Ransomware doubled across North America in 2021 and ransomware attacks now account for over 30% of breaches in the educational services industry.
Ransomware is often spread through phishing emails that contain malicious attachments. Phishing emails are intended to trick users into thinking they are sent from reliable sources to gain sensitive information such as password or account numbers. Ransomware can also be introduced when a user unknowingly visits an unprotected website and malware is transparently downloaded and installed without the user’s knowledge.
Along with ransomware and phishing scams, the unintentional mishandling of data often caused by a users’ lack of training and understanding of security and privacy matters is a common threat as well. This can put the personal information of employees and students at risk, as well as the institution’s public standing. The consequences of a data breach are very high, from financial and reputation loss to exposure of confidential information and service disruptions.
<p>Ransomware doubled across North America in 2021 and ransomware attacks now account for over 30% of breaches in the educational services industry.</p>
Securing institutional data is a high priority, and regardless of how or where a cyberattack incident occurs, legal will usually be called upon to get things back on course with an appropriate response. More and more legal teams are adopting a proactive approach to ensure an intelligent cybersecurity strategy is in place and awareness training is conducted to prepare teams should their systems experience a breach. Cybersecurity awareness training is among the top priorities for risk management budgets in 2022.
Reliable Document and Email Management
Aside from training and awareness programs, another way to help prevent cyberattacks is to leverage modern technology. Higher ed institutions need reliable ways to protect data, comply with privacy and governance laws, and securely collaborate across teams in different geographic locations.
Documents and email are central to the daily work of legal and General Counsel offices at higher ed institutions. A robust document and email management platform that offers advanced security is not just an option — it is essential. To meet those requirements, look for capabilities such as data loss prevention (DLP), multilayered encryption, user access controls, and multifactor authentication (MFA) built directly into the solution.
These types of features help organizations provide the access required in today’s hybrid environments while also protecting their most sensitive content. Institutions can help preserve the integrity of their information by securely limiting what a user can access and what actions can be performed, implementing MFA to require two or more separate authentications before access can be granted, and encrypting data so it can only be read by authorized users.
A reliable document management system (DMS) should make collaboration as smooth as possible without relaxing the high security standards that are critical to legal work. Aside from remote access by students and staff, many colleges and universities have satellite campuses. Whether you’re working onsite within the legal team, with students or faculty across the university or other campuses, or with external parties from a remote location, the ability to securely collaborate is imperative to keep processes running smoothly while also protecting institutional data.
Users should be enabled to save and collaborate on documents, emails, and other work in a secure centralized location that serves as a hub for all information resources. And a cloud-based platform could help reduce workflow disruptions and enable your teams to work effectively and efficiently to better serve stakeholders.
There are many other components in the line of defense against cyberattacks and breaches. To learn more about the unique security challenges experienced within higher ed and how university legal departments can strengthen security to help avoid the potentially catastrophic consequences of a cyberattack or data security incident, download our whitepaper — Strengthening Cybersecurity in Higher Ed for GCs and Legal Departments.