Causes, Countermeasures, and Examples of Information Leaks at Universities
Recently, information leaks at universities are increasing due to cyberattacks and employee errors. Some people may be wondering what to do because of a lack of security personnel and tight budget constraints.
This article introduces the causes and countermeasures for information leaks at universities, as well as examples. Read to the end to help prevent information leaks.
Table of Contents
- Causes of Information Leaks at Universities
- Information Leaks Due to Malicious Cyberattacks
- System Modification Defects
- Email Address Configuration Errors
- Unauthorized Access by Third Parties
- Examples of Information Leaks at Universities
- Information Leakage Countermeasures at Universities
- Centralize Storage Locations for Each Data
- Encrypt Files
- Education for Stakeholders
- Implementation of Security Software
- Summary
1. What are the Causes of Information Leaks at Universities?
Causes of information leaks at universities include “Malicious Cyberattacks,” “System Modification Defects,” “Email Address Configuration Errors,” and “Unauthorized Access by Third Parties.” Understand the causes and check if your university has any risks.
1-1. Information Leaks Due to Malicious Cyberattacks
Information leaks occur due to malicious cyberattacks such as ransomware. Ransomware is a virus that locks infected computers and files, making it impossible to use the computer.
To restore the computer to a usable state, you must pay a ransom. However, even if you pay the money, there is a possibility that your computer information has been stolen, and there is a risk of information leakage. Therefore, it is important to take measures to prevent infection by diagnosing computer vulnerabilities and introducing security software.
1-2. System Modification Defects
There is a risk of information leakage due to defects in system modifications used at universities. Universities manage various data on their systems, including personnel information, management information, and research results. Systems are often developed by external vendors or through the introduction of solutions.
In the past, there have been incidents where personal information was mistakenly disclosed on a web page due to system modifications by an external vendor. When modifying systems related to personal information, check with the vendor’s sales representative to ensure that information is not accidentally disclosed.
1-3. Email Address Configuration Errors
There is a risk of information leakage due to email address configuration errors by university staff and faculty members. There have been cases where a faculty member forwarded their work email to their personal email address, and mistakenly registered “gmai.com” instead of “gmail.com,” continuing to forward emails for months.
Because the person and the original email recipient are unaware of the leak, it is difficult to notice. For further inquiries, contact globalsupport@jiran.com
Details will be introduced in the information leakage case studies, so please check them out.
1-4. Unauthorized Access by Third Parties
There is a risk of information leakage due to unauthorized access by third parties. If the account and password of the email service you are using are leaked, you can download personal information and attached documents from past email history.
Because research results that have not been made public may be obtained by impersonating the person, the impact of unauthorized access is significant.
Basic measures such as not reusing passwords and not using passwords that anyone can think of are important.
2. Examples of Information Leaks at Universities
Here are some examples of information leaks that have actually occurred at universities.
Check if your university has similar risks.
| University | Saitama University |
|---|---|
| Cause | Incorrect email address setting when forwarding emails |
| Case Details | According to the university, in May 2021, a faculty member set up their work email to be forwarded to their personal email address, and mistakenly registered “gmai.com” instead of “gmail.com,” continuing to forward emails for approximately 10 months until March 2022. As a result, approximately 5,000 emails were misdirected, and personal information such as names and phone numbers of approximately 2,100 students and university staff members was leaked. After another faculty member pointed out the address error, the university apologized to the students and sent emails requesting the incorrect recipient to delete the data, but there has been no response from the recipient. For further inquiries, contact globalsupport@jiran.com |
| Impact | Personal information such as names and phone numbers of approximately 2,100 people was leaked |
| Recurrence Prevention Measures | Review of email operation methods and implementation of awareness campaigns |
| Reference | https://www3.nhk.or.jp/news/html/20221122/k10013899411000.html |
3. Information Leakage Countermeasures at Universities
Universities have many challenges in taking information leakage countermeasures, such as a shortage of personnel familiar with security and cost issues. From here, we will introduce measures for personal emails and Office documents that are most likely to be leaked among information leaks.
Please refer to the following: “Centralize the storage location of each data,” “Encrypt files,” “Education for stakeholders,” and “Implement security software.”
3-1. Centralize Storage Locations for Each Data
Determine the storage location of data handled by staff and faculty members and manage it centrally. For example, by centralizing the storage location for each faculty member’s training room, it becomes easier to organize and manage data. After deciding on the storage location, grant access rights and prevent data from being taken out unnecessarily.
If an information leak occurs, the users are narrowed down, making it quicker to determine which user to investigate first. In addition to making it easier to organize and manage data, it also has the advantage of shortening the time to identify the cause in the event of an emergency.
3-2. Encrypt Files
Encrypt files so that no one can access them. By encrypting files, only specific users can access the data, preventing the risk of information leakage.
It can also reduce the risk of misdirection when sending files as attachments to emails, and information leakage when infected with ransomware.
There is also security software that detects unencrypted files on your PC, which is recommended as a countermeasure in case you accidentally forget to encrypt them.
3-3. Education for Stakeholders
As the cause of information leaks includes configuration errors by staff and faculty members, a single mistake can lead to information leaks. It is important for each staff and faculty member to be aware of security on a daily basis.
By regularly holding security-related lectures and introducing information leakage cases at other universities, you can encourage them to be aware of the problem. By making each person aware, the risk of information leakage can be reduced.
3-4. Implementation of Security Software
To prevent information leakage, implement security software. For example, by implementing security software, you can defend against infections from malware such as ransomware, and block access to suspicious sites.
People inevitably open links in suspicious emails at times, so you can feel safe by implementing security software.
When implementing, we recommend cloud service software. Cloud services have extensive functionality, do not require construction costs for servers, etc., and are often inexpensive in terms of cost. In addition, by implementing security software that is easy to use even for people without specialized IT knowledge, you can take more effective security measures.
Summary
This article explained the causes and countermeasures for information leaks at universities, as well as examples of actual occurrences.
The causes range from cyberattacks to misdirection due to incorrect email address settings, all of which have a wide impact.
As a countermeasure, you can reduce the risk of information leakage by centralizing the data management location and encrypting files. It takes a lot of effort and knowledge to carry out these measures mainly by those in charge of security at the university.
Therefore, we recommend implementing security software that protects information from viruses such as ransomware and other malware. There is also software that can be implemented at a low cost, and the cost performance is good when comparing the risk of information leakage and the implementation cost.
Virus Countermeasure Security Software “EXO Security”
