Higher education remains one of the most targeted industries by cybercriminals. The latest Verizon DBIR lists miscellaneous errors, social engineering, and system intrusion as the three most prevalent risks in this sector. Social engineering is particularly pernicious since cybercriminals exploit human psychology through manipulation and fear. Knowing this, it is critical that institutions remain vigilant when guarding sensitive data pertaining to their faculty, staff, and students. Cybercriminals can and will capitalize on your institution's cyber shortcomings and poor password hygiene.
Compromised emails accounts were a major concern for Aaron Baillio, Chief Information Security Officer at University of Oklahoma. If a university employee was phished, their email account would generate thousands of emails, which meant the number of compromised accounts expanded. Aaron realized that the primary culprit was weak passwords since staff and faculty struggled to generate complex twelve-digit passwords. Baillio decided to invest in LastPass, the industry-leading password manager to educate his team on password hygiene all while investing in the next generation.
University of Oklahoma took the necessary steps to educate its community and improve its password behavior. Here’s what they did, and how your institution can support its teams by using a password management solution.
Build an equal landscape
There’s an educational gap in knowledge that cybercriminals look to exploit. By adopting a solution like LastPass, institutions can level the playing field by enabling teams access to the same resources and insights. With features like the password generator and dark web monitoring, a password manager does the heavy lifting. Employees are able to create passwords that are strong and secure, and with the added Families as a Benefit offered with business accounts, they’re able to continuously improve their security habits outside of work. With access to LastPass’s Trust Center, an institution can offer a fair and balanced resource to better understand the current cybersecurity landscape.
According to Baillio, “LastPass helped us to build a standardized policy for all our campuses and features like the password generator establish password complexity.”
To further educate the broader community and bridge any gaps in cybersecurity education, LastPass also provides personal premium accounts for students as part of an institution's investment in password management.
“LastPass had been on our radar for a while, but what really stuck out during our conversation was the Premium as a Perk for students that they offer. We recognized it as a great opportunity to invest in our students and protect them on and off campus,” says Baillio.
Make password management simple to save time
Remembering hundreds of key credentials can be cumbersome and have a detrimental impact on productivity. With LastPass, all passwords are saved within a user’s personal vault, credentials are generated within a second, and the browser extension swiftly populates sites with relevant information. From minutes to seconds, staff and faculty are able to shift their focus towards completing tasks that deliver value.
Baillio adds: “A lot of staff and students are taking advantage of it, which is great to see, and the university manages significantly less password change requests. We’ve found it to be very intuitive and easy to use."
Minimize costly risks and work together safely
Nearly one thousand educational institutions were the target of 67 separate ransomware attacks in 2021, potentially affecting 950,129 students. It was predicted the downtime from these attacks cost $3.56 billion. Many institutions had to manage exorbitant recovery costs as they attempted to fix machines and retrieve lost data.
With LastPass, teams are able to generate secure passwords to guard each access point and protect data. Teams can also utilize the password sharing functionality to enable staff to safely collaborate and deliver resources to students. Baillio recognized the impact that LastPass had at University of Oklahoma: Only three out of 15,000 master passwords were weak throughout the entire university. Additionally, distributed IT groups were able to more effectively collaborate on daily tasks through secure password sharing.
“It really demonstrates how LastPass has helped the team to be more aware of security risks. We’re now able to work in partnership with staff and students thanks to LastPass, which is what we’ve always wanted, a unified approach,” says Baillio.
To find out more about how LastPass enabled University of Oklahoma to educate their teams on cybersecurity with our password management solution, read the full case study.