Guilford College still reeling from cyber incident

Accrding to Guilford College’s chief financial officer, John Wilkinson, one way to help prevent cyber incidents like the one Guilford recently experienced is to use multifactor authentication.

On Oct. 21, Guilford College was the victim of a systemwide cyber incident. Details are still emerging, according to Guilford President Kyle Farmbry, and it was not officially announced that the College’s system interruptions were due to a cyber incident until Nov. 5.

“Our teams have been working around the clock to determine the extent of the attack and impact on our systems,” Farmbry said in his official statement released on Nov. 5. “We’ve engaged external cyber security experts to assist in our investigation.” 

Students began to experience Wi-Fi outages on Oct. 20, the Thursday before fall break. Sophomore education student and resident advisor Haley Rayfield has been significantly affected by the outages. 

“I’m now over a week behind in all of my classes because of the Wi-Fi outages,” she said. “ITS kept trying to reach out to me to see if Wi-Fi had been restored on my floor, but myself and many of my residents had already gone home for break.”

Guilford is not the only institution that has been targeted in recent years. According to an April 2022 Forbes article, North Carolina A&T fell victim to a ransomware attack in March while the university was observing spring break.  It’s unknown how many universities are affected by ransomware attacks due to the lack of reporting, the article stated. 

According to Forbes, “many institutions are unwilling to disclose that they suffered cyberattacks unless they are required to by law, in part because they could be subject to lawsuits if the attack jeopardized the security of student or employee personal information,”

When asked if she was warned about the potential data breaches associated with hacking attempts, Rayfield looked confused. 

“They weren’t transparent at all with what happened,” she said. “We didn’t know what caused the outages or if our personal information could have been compromised. Every inch of my life is on my computer; my social security number, my credit card information.”

Rayfield is not the only one at risk. Over 1,000 students and faculty members could have had their personal information stolen in the breach.

According to a survey conducted by Sophos, a security software company, 84 percent of universities had cyber insurance in 2020, but only 64 percent had a policy that covered ransomware attacks, Forbes reported. This leaves a university responsible for any monetary fallout caused by an attack. The same survey showed that, on average, it costs a university $2.7 million to resolve damages from an attack.

There are many possible solutions posed to help combat further cyber incidents, but, according to many experts, the most important measure is multifactor authentication (MFA).

As reported by Forbes, Austin Berglas, co-founder of cyber security company BlueVoyant, is one such proponent of MFA.  “We’ve seen threat actors try to compromise organizations that have MFA, and they actually just move on to the next target looking for an organization that doesn’t have it,” Berglas told Forbes. 

John Wilkinson, Guilford’s chief financial officer, stressed the importance of MFA and other safety precautions in his statement on password safety, emailed to the Guilford community on Nov. 3. His main points included avoiding phishing scams, maintaining strong passwords, implementing MFA security when possible and reviewing credit reports for unauthorized activity.

According to Microsoft Support, a strong password is between 12-14 characters long, with special symbols and letter combinations that can’t be found in a dictionary. The Microsoft Support website also advises users to make sure their passwords are easy for them to remember, but difficult for others to guess. 

According to Farmbry’s Nov. 5 statement, Guilford’s investigation into the cyber incident is still ongoing. “As additional information becomes available, we will share it with the Guilford community,”  he said in the statement’s closing words.