Massive data breaches at colleges and universities have made headlines in recent weeks.
According to IBM’s 2023 Cost of a Data Breach Report, the average cost of a data breach in the higher education and training sector was $3.65 million between March 2022 and March 2023. The mean time for all sectors to identify a data breach was 204 days with an additional 73 days on average to contain it.
In addition to the immediate financial loss, there’s even more at stake for higher education institutions like NC State, including the breach of sensitive data — from Social Security numbers to financial information to innovative research. A data breach could also tarnish NC State’s reputation.
To help safeguard NC State from potential data breaches, review OIT’s security best practices and follow these security tips:
- Protect yourself against phishing
Phishing is the most common method hackers use to access data. Cybercriminals use communication avenues like email and text to trick individuals into handing over sensitive information. See Watch out for phishing lures to learn how to spot and avoid phishing scams. - Keep your credentials safe
The second most common way hackers access data is through stolen or compromised credentials. Using the Duo Mobile app for two-factor authentication helps guard your Unity ID and password. Consider also using a password manager. - Stay informed
Education is key. In addition to completing the annual employee Data Security Training, take advantage of OIT’s training opportunities such as those offered during National Cybersecurity Awareness Month. - Comply with rules and regulations
Noncompliance with regulations is one of the biggest cost amplifiers for security breaches. NC State has issued a number of rules and regulations to help strengthen incident response and mitigate data loss. Understanding these guidelines is vital for the whole Wolfpack community. See Data Management Framework for additional guidance.
To report a cybersecurity incident, email abuse@ncsu.edu or call 919.515.4357 (HELP). Include as much of the following information as possible:
- Type of incident
- Your name and contact information
- Date and time of incident
- IP address of each computer involved
- Logs from each computer involved