
Why Cyber Liability Insurance is Important to Educational Institutions


Greater Cyber Crime Sophistication, Information Flow Opens Door to Hackers

The number of data breaches making headlines in the last couple of months has grabbed the public’s attention, including those involving educational institutions, underscoring the need for stronger cybersecurity measures and Cyber Liability insurance. One of the most recent data breaches involves the University of Maryland (U-Md), which made headlines in mid-February when it announced that it suffered a “sophisticated cyber attack.”

More than 300,000 personal records for faculty, staff and students who had received identification cards at the U-Md were compromised in the breach. According to the university’s CIO Brian Voss, officials believe that whoever got into the school’s database duplicated the information, which includes names, Social Security numbers, dates of birth and university identification numbers for 309,079 people affiliated with the school on its College Park and Shady Grove campuses.

What especially concerns the university, according to Voss, is the sophistication of the attack. Hackers seemed to have an understanding of how the school’s data is designed and protected. Unlike typical attacks in which “someone left the door open,” in this case “there was no open door,” said Voss. “These people picked through several locks to get to this data.”

Federal authorities are investigating the breach, and the university is doing what it can to prevent further breaches from occurring. In a letter to the university community, President Wallace D. Loh stated: “State and federal law enforcement agencies, the U.S. Secret Service, consultants from the MITRE Corporation, and our own campus IT security personnel are working together to find out how the attackers penetrated our multiple layers of security. This forensic analysis will enable us to defend against this type of attack in the future. It will also provide clues as to who were the attackers.”

U-Md is also undertaking other measures in the wake of the breach, including the formation of a President’s Task Force on Cybersecurity. After the investigation is completed (within 90 days of its execution), the Task Force will provide its recommendations on what needs to be done to prevent such breaches. Additionally, the university will be presenting a series of identity theft seminars to all its students, faculty, staff, and alumni, which will be made available on-line.

The data breach at the University of Maryland is not unusual; over the last few years hundreds of educational institutions across the country have reported breaches. Last week, for example, Indiana University announced a breach that could possibly affect 146,000 students and recent graduates. Among those affected are people who attended the university from 2011 to 2014 at seven of its campuses, according to a statement released by the school. “The information was not downloaded by an unauthorized individual looking for specific sensitive data, but rather was accessed by three automated computer data-mining applications, called web crawlers, used to improve web search capabilities.” In this case, unlike with U-Md, the information was stored in an insecure location for the past 11 months.

Additionally, the Identity Theft Resource Center, a non-profit based in California, cited more than 50 data breaches in the educational sector last year alone that involved names, Social Security numbers, driver’s license numbers, medical records, or a financial record or credit card information. Those included occurrences at K-12 schools, colleges and universities. “Universities tend to have a more open information technology architecture,” said Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse. “You have various parties operating within the system – you’ve got students, you have teachers, you have faculty, you have administration staff, and so on.”

Terry Kurzynski, a senior partner at the cybersecurity firm Halock Security Labs, agrees that the open culture universities tend to encourage for better information flow is a main reason they remain vulnerable to hackers. In fact, a study conducted by Halock in July reported that of 162 institutions investigated, including Big Ten, Ivy League, community colleges and technical institutes, more than 50% allow for the transmission of sensitive information over unencrypted, unprotected email, putting private student and parent data at greater risk.

What’s clear is that robust cybersecurity measures need to be implemented, including at educational institutions where identity theft is a priority, as hackers are becoming increasingly sophisticated. In addition, it is critical that all cybersecurity plans include Cyber Liability insurance (also known as Privacy and Network Security) to respond when data breaches do occur. If a school doesn’t have the proper insurance plan in place, the costs involved, in addition to the reputational damage, can be significant.

Cyber Liability insurance for educational institutions will pay for costs related to cyber errors and cyber crime as well as legal defense costs. Some policies provide coverage for cyber crisis management, notifications to those affected, and forensic investigation of the incident. Axis Insurance Services specializes in providing organizations with Cyber Liability insurance and can design a policy that will serve your educational institution best. Give us a call at (877) 787-5258 to find out more about how we can help protect you in the event of a data breach.

Sources: University of Maryland, Washington Post, New York Times, Southern Maryland Online


Blogged on: March 6, 2014 by Mike Smith