Academic Institutions Not Immune from Cyber Attack

POSTED APRIL 7, 2015

A special to USLAW NETWORK and USLAW DigiKnow

By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey

Two New Jersey universities were recently the victims of a cyber attack bringing the business of higher education to a halt and highlighting the risks that these institutions face. At Rutgers and Fairleigh Dickinson universities, class assignments were delayed and intercampus communication stymied as they each were hit with attacks that halted Internet service or severely slowed it down. Although at a glance a cyber attack to a university does not appear as severe as one to a financial institution or large retailer, it can still cause major disruptions. In many universities across the country, students take online classes, as well as communicate with professors through Internet-based services where they access documents or a teacher’s notes and can file their class work. Thus, when a school’s network is down this can bring learning to a halt.

Rutgers was hit by the cyber attack on March 27, 2015, and was still working to resolve the problem a few days later. Fairleigh Dickinson sent out an alert about a similar cyber attack early on March 28, 2015, but it was resolved just before midnight. The FBI is currently investigating the situation at Rutgers. In both cases, the universities said they had been affected by “denial of service” attacks, which happen when an outside source bombards an online service with traffic or requests, making it unavailable and causing the server to crash.

Officials in higher education are taking steps to protect their systems by building up firewalls, bringing in consultants and participating in training on online security. However, these measures are sometimes not enough. It was reported that Rutgers paid $300,000 for a firm to conduct an outside examination of its computer systems and firewalls, as well as the security of its data.

Although a “denial of service” attack does not obtain any personal information, rather simply shuts down the server, higher learning institutions do possess personal identifiable information of both students and faculty. Moreover, as many fees are paid online using credit cards, universities face the same threat of exposure as a bank or large retail chain. As such, higher education institutions like other industries must be ready for a cyber attack, or face serious repercussions of releasing confidential data.

Designed & Developed by Peak Seven