Skip to main content

Equipping Biola Against Cyber Threats

October 1, 2018


Flour Fountain at Biola University.

Cyber attacks happen every day, and any one of us—student, staff, or faculty—could be the point of a Biola data breach.

Here are the numbers:

  • In 2017, over 100 universities experienced a breach of confidential data.1
  • 85% of data breaches are a result of unintentional human error (we call this the human factor).2
  • Last year, nearly 500 Biolans were phished in a single day, giving attackers access to their email accounts and Google Drive.

Universities are prime targets for attacks and data breaches. If confidential information is lost or stolen, organizations are obligated to publicly inform their community and purchase identity theft protection for every affected individual.

A single data breach can cost a university millions of dollars:


School

Data Breach

Cost3

Chapman University

An external hard drive “went missing,” with sensitive W9 data.4

Unknown

Pepperdine

Stolen, unencrypted laptop with confidential data.5

$2 million.

University of California Berkeley

An employee with access viewed patient medical records they shouldn’t have.6

$2 million.

The University of Oklahoma

An employee didn’t use the correct privacy settings on a shared confidential document (with SSNs and FERPA-protected data).7

$7 million.

Butler University

A compromised network allowed hackers to access PII, SSNs, and financial information for staff, faculty, and alumni.8

$30 million.

Washington State University

A safe was stolen, containing a hard drive with PII and SSNs.9

$100 million.


Let’s keep Biola off of this list.

October is National Cybersecurity Awareness Month. Every October, organizations around the world encourage people to protect themselves, their families, and their workplaces against cyberthreats. You can learn more about NCSAM on their website.

October is National Cybersecurity Awareness Month. Learn more at staysafeonline.org


Our Information Security Program

In conjunction with National Cybersecurity Awareness Month, Biola's Information Security team is launching a new information security program for the university. Since the majority of cyber attacks and data breaches originate with human error, our program is primarily focused on equipping our community to recognize and respond to cyber threats.

Our program has 3 parts: Awareness, Training, and Simulated Phishing.


Awareness

From now on, we’ll be sending out regular reminders about current cyberthreats, and how you can securely interact with technology. Our goal is to keep cybersecurity topics fresh in your mind, so that you feel equipped and confident to recognize and respond to threats.


Training

If you’re an employee, you’ll receive annual cybersecurity training. The online training takes about an hour, and you can do it at your own pace. This keeps you informed, and keeps Biola in compliance with cybersecurity regulations and standards. Training details will be announced soon.


Simulated Phishing

Lastly, we'll send simulated phishing emails to our employees in order to train our community to identify and report malicious emails. Phishing is the most common cyber threat, and it gets more sophisticated each year. Simulated phishing emails are designed to replicate current cyber threats and reinforce healthy online habits for our employees.


What to Expect

We’ll have a new cybersecurity theme for you next month. You’ll hear from us by email, and we’ll put up digital signs around campus to remind you about the month’s theme.

Thank you for teaming up with us to protect university data.

Until next time, stay secure.


References:

  1. Verizon Data Breach investigations Report Executive Summary: https://www.verizonenterprise.com/resources/report...
  2. Verizon Data Breach Investigations Report: https://www.verizonenterprise.com/verizon-insights...
  3. Data breaches have far-reaching costs and implications. In 2018, the average cost of a data breach per compromised record was $148. When confidential personal data is compromised an organization is obligated to notify and provide identity theft protection for each of the compromised individuals.
  4. Chapman College of Health and Behavioral Sciences: https://oag.ca.gov/system/files/Form%20of%20Notice...
  5. Pepperdine University Graphic: http://pepperdine-graphic.com/laptop-theft-comprom...
  6. University of California, Berkeley Notice of data breach: https://oag.ca.gov/system/files/UCB-2016-02-26-CA-...
  7. OU shuts down fire sharing service after failing to protect thousands of students' records: http://www.oudaily.com/news/ou-shuts-down-file-sha...
  8. Butler University breach notification: https://oag.ca.gov/system/files/L01_NONMASS_ALLSTA...
  9. PII of 1 million compromised in Washington State University safe heist: https://www.csoonline.com/article/3202071/security... The Washington State University case is a unique example in which the University did have cybersecurity insurance. While WSU experienced a $100 million+ data breach, the university paid out closer to $630,000 plus fines, on top of their insurance costs.