While governance is the long-term strategy, a password safe instantly reduces risk across all users.
It's been a year since the FBI warned colleges and universities of a steep increase in ransomware attacks in higher education. The agency urged institutions to tighten up their cybersecurity measures and work to reduce the risk of ransomware within their networks.[1]
For many colleges and universities, that meant upgrading homegrown, legacy solutions and implementing modern identity and access management (IAM) solutions. And while IAM upgrades are a strong and essential step, they may overlook the top source of breaches: password problems.
Whether they're weak, leaked, shared, or (in some cases) sold, passwords and their human counterparts continue to be the most frequently exploited access point for cybercriminals. For colleges and universities, where the credentials of students, faculty, and others are all at play, managing vulnerabilities becomes ever more complicated. An explosion of unmanaged (and often shared or reused) passwords and secrets (e.g., social media logins, financial information, encryption keys) that live outside the jurisdiction of the IT organization further complicates things. An enterprise password manager on campus can help to ensure a secure and consistent environment.
1. Get Ahead of Password Problems
The best way for colleges and universities to manage password problems is to prevent them. Without a sufficient password management solution, the time and resources of support desks and IT teams are often consumed by password resets and troubleshooting. By implementing an enterprise-grade password management solution, institutions can streamline password support and be proactive about potential vulnerabilities.
Clean Up Password Processes with Best Practices
Never underestimate the power of clearly defined processes and best practices. Putting the right technology in place will provide the framework for secure password practices. But teaching end users password best practices and providing them with the resources they need to help themselves are essential for maintaining a secure system. By providing resources and adequate training on how to create strong passwords (and how to recover passwords), institutions can ensure everyone is up to speed and working together to minimize vulnerabilities.
Streamline Decentralized Passwords
Between email, student portals, and library systems—not to mention any internal networks for different departments—any given student or faculty member has more than a few passwords to keep track of.
A password safe can help streamline this multitude of logins by providing one central source for management and bring some structure to decentralized passwords, secrets, and files. With a password management solution, IT teams can further consolidate logins to a single platform and provide users with a unified login page for a single sign-on (SSO) to combat public-facing login security threats.
And while the long-term play should be the centralized management and governance of passwords, a password management vault can help organizations quickly organize decentralized secrets and credentials. It can be deployed within days and protect everyone from current students to alumni. Moreover, it can promote good password hygiene and enforce best practices while keeping risk in check.
2. Automate and Federate
With human error still causing the most significant system vulnerabilities for higher education, the goal must be to remove as much risk as possible. How? Automation.
Imagine a solution that enforces strong password policies for an institution's entire user population and synchronizes them with all of the systems where they are used most frequently. An enterprise password management solution can significantly decrease cybersecurity risk in higher education by automating key processes like password resets and other self-service features.
But automation is only part of the equation. Colleges and universities can minimize the entry points to further strengthen their systems by pairing automation with federation.
One of the greatest gains with federation is that it enables SSO for end users across the web-based applications at an institution. And SSO is not only an essential piece of any cybersecurity strategy, it's also the next step toward Zero Trust. This cybersecurity model, which trusts nothing by default, is fast becoming the standard approach for organizations and colleges and universities (and it is guiding the cybersecurity strategy of the U.S. government).
Federating systems ensures that one solution is responsible for the authentication of every user. Federation will allow organizations to centralize the authentication of their disparate systems, like applications and devices, as long as they support a standard (e.g., SAML). It can also help organizations enable MFA, which may not be available or supported through native login.
As colleges and universities continue to navigate in-person and remote learning, the flexibility that federation provides (while lowering risk) can help maintain a secure environment no matter what the future holds. Together, password automation and federation will keep cybersecurity strategies and processes streamlined while minimizing vulnerabilities.
3. Prepare for Worst-Case Scenarios
No one wants to imagine their institution being hit with ransomware, but preparedness is integral to any cybersecurity program. Even with every best practice and solution in place, it's impossible to eliminate risk completely. But don't panic. Having plans and processes in place will help IT teams streamline their response to a worst-case scenario.
Routinely backing up systems and reviewing and revising processes for recovery in the event of an attack will ensure that downtime is minimal and a remediation path is in place. Equipping teams with best practices to protect against ransomware and preparing for potential breaches will ensure they can act quickly should the worst happen.
Prevent Insider Threats
In addition to the vulnerabilities caused by weak or forgotten passwords, a new threat is arising to plague IT departments. Cybercriminals are reaching out directly to end users and offering to pay for their logins. The thought of someone being compensated for a password might seem far-fetched, but data shows that more hackers are using this approach to gain access. In fact, a recent Hitachi ID survey found that 65 percent of IT and security executives say they or members of their team have been approached to assist in aiding ransomware attacks.[2]
Don't Let Password Problems Fester
In the wide world of cybersecurity challenges, user passwords can seem small on the surface. But the rise in ransomware and focus on how to prevent it, especially within higher education institutions, serve as strong reminders of just how critical these credentials are. In the wrong hands, simple user passwords can be the necessary step to gaining a foothold into an organization, opening the door for further exploits.
An enterprise password safe or vault can empower colleges and universities to manage passwords for their transient, complex populations more easily, ensuring that the system remains secure well beyond graduation day. By tightening up the passwords that are insecure or compromised and often reused across many logins and networks, higher education institutions can fortify their networks' largest vulnerability within a matter of weeks—in time to prepare for the next cycle of onboarding and offboarding hundreds or thousands of identities across the institutional user population.
Digital identities and the passwords that secure them connect students and staff to learning. They also pose a significant cybersecurity risk. Build a cohesive identity access and governance program by securing decentralized passwords with centralized governance with Hitachi ID Bravura Safe.
[1] Federal Bureau of Investigation, Cyber Division, "Increase in PYSA Ransomware Targeting Education Institutions," FBI Flash, Alert Number CP-000142-MW, March 16, 2021.
[2] "The Rising Insider Threat," Infographic, Hitachi ID, January 20, 2022.
Nick Brown is CEO at Hitachi ID.
© 2022 Hitachi ID.