Cybercriminals see education as an amazing opportunity. But they\u2019re not taking classes or gaining qualifications \u2013 they target universities and other educational institutions for the wealth of personal information they hold.<\/p>\n
In Tomorrow Unlocked\u2019s video The Backdoor into Campus, Royal Holloway, University of London cybersecurity experts talk about how a major identity theft incident on campus happened and how they\u2019re working to keep students and staff safe in future.<\/p>\n
Universities and colleges often have many people using their systems, like staff, students and visitors. They also offer many kinds of services online.<\/p>\n
Mike Johnson, Chief Information Officer at Royal Holloway, University of London, describes a recent security incident. \u201cA staff member\u2019s credentials were stolen and used to send convincing offers of part-time work to students. Some students undertook the work and were paid. But they were overpaid, then asked to return some of the money. It was money laundering on a significant scale.\u201d<\/p>\n
With just one stolen identity, a criminal can do a lot of damage. If you know enough about someone in the digital age, you can access money or commit other crimes, all while leading law enforcement back to the wrong person.<\/p>\n<\/blockquote>\n
\u201cCommonly, we find those who try to attack us are looking to harvest identities,\u201d says Johnson. \u201cWhen they\u2019ve got them, they\u2019ll try to harvest more until they\u2019re sure they can attack us in the way they want to.\u201d<\/p>\n
Education can stop attacks on education<\/h2>\n
It\u2019s all about authentication, says Keith Martin, Professor of Information Security at Royal Holloway, University of London: Knowing the person trying to access something online is the person they say they are. \u201cImagine a front door. Whoever has the key can open it. To breach that, you need to get hold of the key. Entering a country is more high security: Border control looks at credentials like a passport and <\/em>the person submitting it.\u201d<\/p>\n
Professor Martin continues, \u201cIn cyberspace, it\u2019s a bigger problem because we can\u2019t see who\u2019s asking for access. The most popular authentication is a password, but passwords are like keys \u2013 easily copied or stolen. So we need to use the passport model \u2013 asking for multiple things to gain access.\u201d<\/p>\n
That\u2019s called multi-factor authentication<\/a>. You\u2019d need more than a password to gain access, such as a code sent by SMS or biometrics<\/a>, like a fingerprint.<\/p>\n
Senior security researcher at Kaspersky, Noushin Shabab, says for the best security, multi-factor authentication should combine biometrics like facial recognition with another credential.<\/p>\n
Developing \u2018cyber common sense\u2019 in education<\/h2>\n
Professor Martin says the most important thing anyone can do to keep their identity safe is to develop \u2018cyber common sense.\u2019 \u201cHesitate before doing anything in cyberspace \u2013 if you\u2019re sent a link or a message asking for information, ask, why do they want this<\/em>?\u201d<\/p>\n
Johnson feels education institutes are perfect places to learn cybersecurity awareness. \u201cWe\u2019ve got to be willing to have a conversation with students about digital security and what protecting their identities means. We\u2019re educators \u2013 we\u2019re well placed to help people operate in an environment they\u2019ll operate in for a long time.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
When identity theft dragged one UK university into a money-laundering scam, they realized they were perfectly placed to stop it happening again.<\/p>\n","protected":false},"author":2552,"featured_media":43821,"template":"","coauthors":[3673],"class_list":{"0":"post-43820","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity-training-cybersecurity","7":"emagazine-category-data-and-privacy","8":"emagazine-tag-authentication","9":"emagazine-tag-biometrics","10":"emagazine-tag-education"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/university-identity-theft-authentication\/43820\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/university-identity-theft-authentication-2\/26217\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/43820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43821"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=43820"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=43820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}