Millions of Americans will soon be headed back to college campuses for the new school year, but one thing they'll need to watch out for is a growing risk of getting hacked.
Hackers are increasingly targeting school computer networks in order to commit identity theft and other crimes. Just this year, significant cyber intrusions have been reported at Harvard, Penn State, Auburn University, University of Chicago, University of Connecticut, UCLA Health System, and the list goes on and on. A fellow Huffington Post writer even compared last year's large-scale university breaches against the epic Sony breach. According to Verizon's 2015 Data Breach Investigations Report, the educational establishment has one of the highest weekly "malware event" rates of any industry sector, at 2,332. That's six and a half times the rate of malware that banks experience, and about three times as much as retailers.
Colleges and universities are targets because they store large amounts of personal data like Social Security numbers, insurance and medical records, and they also house valuable science and technology research. At the same time, they also face a number of serious security challenges, such as IT budget restrictions, outdated networking equipment, a fluctuating and transient workforce and required open network access for students and guests.
Students are also much more likely to be severely impacted by identity theft. According to Javelin's 2015 Identity Fraud Study, 15% experience "moderate or severe impact" due to the occurrence of fraud, and students are also less likely than other demographic groups to realize they've been victimized.
So, what can students do to protect themselves? While there's not a lot we can do to protect our data when it's stored by a third party like a school, bank or retailer, large-scale breaches aren't the only way college students get hacked. In many cases, hackers may target students more directly over the school's email system, job boards, WiFi or websites, on social media platforms, and even by getting physical access to the device.
Here are seven steps that every college student should take:
- Guard Against Physical Access - A key problem for college students continues to be the general lack of privacy and personal space they have on campus. Whether it's a shared living space, crowded workspace (such as a library, classroom, coffee shop, etc.), or the general communal environment of a college campus, they're constantly exposing their devices to access by others. This makes them vulnerable in a number of ways: 'shoulder surfing,' signing into an account left open on a shared or exposed device, physically installing spyware on the device and device theft. To solve this problem, students need to take a few steps. First, use a lockbox or small safe to store devices and valuables in the dorm room. Buy a USB port blocker for laptops and tablets - this will make it harder for someone to physically install malware. Place a privacy filter over the laptop screen to make it harder for others to see what you type. Use cable locks to prevent theft. Additionally, set a password-protected screen lock on every device. Another solution, which has become popular in education circles, is to use a Chromebook or "thin client" instead of a traditional laptop/PC, as they can be configured to not allow downloads, local storage or USB access (although functionality can be severely limited outside of a network).
- Register for a Password Manager - Password theft continues to be a major problem, both on college campuses and everywhere else. One way to lower your risk is by using a password manager. This tool makes it extremely easy to create long, complex passwords (12-15 characters long, upper/lower case, combining letters, numbers and symbols) for every online account, without the trouble of having to remember it.
- Backup Data - Saving important data like term papers, reports, theses, etc. is critically important, particularly given the growing risk of "ransomware" infections. Ransomware is a type of crypto-malware that locks up a person's important files until the victim pays a ransom (usually one or two Bitcoins) to the hacker. Ransomware infections can be hard to remove without losing the data, so the best advice is to back up often, using both a physical storage device like a thumb drive or external hard drive and a cloud-based account.
- Don't Jailbreak/Root - College students are more likely to jailbreak their smartphones, which puts them at a greater risk of getting hacked. While jailbreaking/rooting can provide additional functionality, it also overrides a device's security settings, making it more susceptible to malware, malicious apps and sensitive information disclosure. If you choose to do this, make sure you know what you're doing and are aware of the consequences.
- Be Careful When Buying Used - Since students are on a budget and more likely to buy used devices, it's important to do this safely. First of all, don't buy a refurbished device from a site you've never heard of before - stick with well-known vendors like Newegg, TigerDirect or Amazon. If you buy from Craigslist or eBay, try to get the original operating system install disks or install partition as provided by the manufacturer. Don't just buy a device from a stranger and start using it right away, as it could be infected with malware. Wipe the device first and start from a fresh install, or at the very least reset back to factory defaults.
- Be a Smart Network User - Don't access personal or financial information over unsecured public WiFi networks such as coffee shops and bookstores, as this data can be easily 'sniffed' by others. Instead, use your phone's more secure cellular signal to surf the Web, and, if you have other devices, 'tether' them to your phone instead of using the open WiFi.
- Malware Protection - Lastly, make sure to have antivirus with anti-phishing support installed on all important devices (desktops, laptops, tablets, whatever). Set it to update automatically and run virus scans at least once a week. Also, be sure to keep the operating system, browser software and apps fully updated. Since malware today is increasingly sophisticated and can avoid detection by AV filters, however, students should also consider taking an additional step. Script-blocking browser plugins can be very effective at blocking certain types of web-based attacks (ex: AdBlock Plus, NoScript, NotScripts).