FBI Cybersecurity Recommendations for Higher Education Institutions

The FBI Cyber Division released a notification in May 2022 stating that it had discovered stolen login credentials from higher education institutions readily available on public forums and for sale on the dark web.

The notification also warned that the exposure of the stolen login credentials could put universities and colleges at risk of more cyber attacks in the future.

What is the dark web?

The dark web consists of hidden sites that are reached through specialized browsers, which keep internet activity anonymous and make illegal activities hard to track.

Here are some notable higher education cyber attacks in recent years, according to the FBI’s notification document:

How do cybercriminals get access to these credentials?

Cybercriminals primarily gain initial access by using social engineering (most commonly phishing).

What is phishing?

Phishing refers to fraudulent communications that pretend to be sent from a trusted source. The goal of phishing is to trick the receiver into revealing personal information in order to gain access to information such as credit card numbers and login credentials.

Consider this phishing situation and the impact it could have on the students, faculty, and institution:

Initially, a cybercriminal gets access to a student’s email login credentials. They can now begin reconnaissance and build their attack.

Now that they have access to previous email conversations, they could use those topics in the phishing email they’ll send to the professor and other students. In the email, they can mention the relevant topics and include a malicious hyperlink.

In this situation, the receiver may be more likely to click the malicious link because it’s from a familiar person and their guard is down.

FBI cybersecurity recommendations for higher education institutions

The notification document provided an extensive list of cybersecurity recommendations for universities and colleges, which we’ve consolidated and summarized:

Assessing the security of your technology partners

In addition to following the FBI recommendations to protect against cyber threats, colleges and universities should also assess the security of their technology partners. This includes all online learning technologies and all additional course software, such as:

Remember, vendor security is your security.

Here’s a high-level list of what to look for and questions to ask when vetting technology partners:

Online proctoring isn’t just a way to deter employees from cheating on exams. It’s an integral part of establishing a strong culture of academic integrity at your organization. Our solution and proctors help create a supportive testing environment that levels the playing field and allows test-takers to focus on showing their knowledge.

Data security

Proactive defense

Incident response plan

Company practices and employee security training

Vendor Security Cheat Sheet

For a comprehensive look at vendor security, download our Vendor Security Cheat Sheet. It provides a detailed look at questions to ask technology vendors, software and technologies needed, and important definitions to know.