Onslaught of cyber-attacks on SA businesses - expert

Source: Vsoftsystems, 03/11/2018

South African businesses of all sizes, including educational
institutions, have been particularly hard hit by an onslaught of
cyber-attacks, although this is not always public knowledge, according
to Kerry Curtin, cyber risk expert at Aon South Africa.
Cyber risk was ranked as the #1 risk facing educational institutions
and is likely to remain so for the foreseeable future, according to
Aon`s 2018 global risk management survey.
Curtin says the potential theft or leakage of data, particularly
confidential information in an educational setting, should be top of
the list in risk planning.
“The need to strengthen institutional resiliency against potential
damage, compromising hacks and downtime is crucial,” she adds.
This is because schools, like any other business, are increasingly
dependent on technology. The knock-on effect of a cyber incident at an
educational facility has the potential to be financially and
reputationally catastrophic.
For example, in 2016 it was reported that the University of Limpopo’s
website was taken down, leaking exam papers and the details of over 18
000 students, in addition to perpetrators publicly posting what was
believed to be the login details for the University’s intranet.
The sheer number of cyber-attacks on educational institutions suggests
that the sector is not as prepared as it should be in its efforts to
safeguard networks, according to Curtin.
Aon provides the following tips for the education sector:
Safeguard institution-owned devices
All computers, laptops and smart devices owned by the educational
institution should at the very least have a current anti-virus
programme installed, in addition to adware and malware protection.
One of the biggest threats to any business is the people operating
these devices and their naivety regarding cyber risks, so education is
key.
BYOD Policy
The practice of students and staff members bringing devices to school
or university that interact with the institution’s network is very
likely. The first line of defence is keeping guest devices separate
from the network, allowing the institution to keep data secure on an
administrative network, as well as monitor traffic more closely.
When it comes to sending sensitive information, it is crucial to
implement a secure file exchange solution that can protect against
cyber threats such as phishing scams.
Multi-Factor Authentication
While passwords alone do not provide adequate levels of security and
hackers are able to circumvent physical biometrics such as fingerprint
identification as a single layer of authentication, Multi-Factor
Authentication (MFA) is fast becoming the next line of defence.
Social Media Policy
Not only does the policy need to stipulate what is deemed as
acceptable behaviour from employees and students, but it also needs to
explain what the benefits are of becoming an ambassador for the brand
and the legal ramifications inherent to social media platforms.