成人抖阴

Help fund stories like this.

Des Moines Area Community College is a harder target for cyberattacks and scams than it used to be, President Rob Denson said, but it takes constant effort and vigilance to stay that way.

He and his staff will receive fake attachments, fraudulent messages from people claiming to be coworkers and applicants with intentions of taking financial aid and running rather than attending classes almost every day, despite best efforts to head them off.

鈥淭hreat actors are always looking for you to let down your guard,鈥� he said.

In efforts to keep campus safe, some Iowa community colleges are having to put increasingly more time, manpower and money toward cybersecurity efforts.

Aaron Warner, CEO of cybersecurity company ProCircular, said community colleges are targets for bad actors because they house a lot of sensitive information, their student populations see continuous turnover, and they鈥檙e made to be as accessible as possible.

The often-chaotic time just before school starts is also utilized by cybercriminals, as faculty and staff are busier and less likely to catch suspicious emails or other activities.

鈥淚t鈥檚 an unfortunate byproduct of the fact that they鈥檙e a community organization,鈥� Warner said. 鈥淭hey are designed to interact as best as possible with the community. Bad guys take advantage of that.鈥�

When the COVID-19 pandemic forced employees to work from home, Warner said the opportunities to conduct cyberattacks expanded. Gone was the castle-and-moat style of keeping sensitive information on one secure network as data was transferred onto home computers and laptops. The risk of a successful cyberattack or intrusion didn鈥檛 so much rise as become more distributed, he said.

DMACC and Iowa Central Community College have already faced in real time what ProCircular simulates for training 鈥� a breach in cybersecurity. Iowa Central Community College was hacked in 2018, and DMACC saw a breach in 2021.

Both colleges amped up security efforts in response, which they still keep up today.

Colleges work to stop 鈥榞host student鈥� scam

One problem DMACC has worked to curb is 鈥済host students,鈥� or applicants who use fake or stolen identities to seek financial aid. Denson said the college started seeing more fraudulent applications around two years ago, coming in groups from certain areas in different states and filing for loans without any intent of actually attending classes.

For around a year, DMACC staff have been calling every applicant to confirm their identity before putting their information into the system, Denson said. While this practice has cut down on ghost student applications, it鈥檚 not the easiest task to undertake.

In fall 2022, DMACC admitted more than 1,600 full-time, first-time students. Admissions staff and recruiters called each applicant and recorded the confirmation of their identity in the DMACC system 鈥� a time-consuming process, Denson said, as many students aren鈥檛 easy to reach over phone or email.

鈥淚t鈥檚 a terrible use of time, it鈥檚 not the best use of their skills, but it鈥檚 something we鈥檝e got to do,鈥� Denson said. 鈥淲hat we don鈥檛 want to do is get a fraudulent app inside of our learning management system.鈥�

At its peak in late July 2022, Denson said the college was receiving around 15 fraudulent applications a day. Since implementing this practice, Denson said that number has decreased significantly, but one or two a day still pop up.

Denson said the amount of time and manpower needed to verify so many applicants pulls people away from their other work.

鈥淲e would rather have recruiters out recruiting and advisors talking to students about their career, rather than verifying somebody鈥檚 identity,鈥� he said.

In order to lower the risk of a fake student infiltrating Iowa Central Community College鈥檚 systems, President Jesse Ulrich said staff purges all records of inactive students 鈥� those who applied but never signed up for classes or interacted with the college in any way 鈥� every semester.

Cybersecurity is costly

Staff and faculty at both community colleges receive training on how to spot and report phishing, and receive random test phishing emails. Iowa Central Community College has members of its IT team dedicated to servers and infrastructure, and DMACC has a cybersecurity expert on retainer.

Security software, training and insurance all require funds, Ulrich said, which could be used in other areas of the college.

鈥淎nytime you are putting more resources into cybersecurity, whether that鈥檚 through people, software, paying more for insurance; all of those things pull from the general fund or other areas of our funds to be able to really meet the core purpose of community colleges,鈥� Ulrich said.

Both colleges have cyber insurance; Denson said the college鈥檚 annual insurance cost is five times what it was, and the deductible has doubled.

Even divulging details on its cybersecurity insurance could put the college at risk, Ulrich said, as threat actors will look through public records to determine how well-insured schools are and use that in attacks.

鈥淚t鈥檚 kind of a lose-lose situation for higher ed when we鈥檙e put in that situation,鈥� he said.

However, having these safeguards isn鈥檛 really a choice, Denson said 鈥� it鈥檚 a necessity, and one that isn鈥檛 going away soon.

According to SonicWall鈥檚 2023 , educational institutions were cyber criminal鈥檚 top targets for malware attacks. At the recent annual Community Colleges for Iowa conference, Ulrich said cybersecurity was among the top 10 challenges facing higher education today.

ProCircular works with more than just community colleges to evaluate cybersecurity efforts, but the leaders at colleges Warner has met are among the most understanding of the issues and how to tackle them, he said. Much of the company鈥檚 training involves ensuring people know what to look for, how to respond in the event of a breach and helping them allocate resources in the right areas.

U.S. Rep. Zach Nunn introduced in April to help curb cyber attacks against K-12 schools by increasing available resources, expanding cyber attack prevention information sharing and improve national tracking of cyber attacks. While no bills targeting cybersecurity in higher education have been introduced, a spokesperson for Nunn鈥檚 office said they are working with as many entities as possible to help tighten cybersecurity across the board.

Community Colleges for Iowa Executive Director Emily Shields said there has been interest in the state Legislature in working to curb cybersecurity breaches in higher education, but many of the best practices suggested in discussions are already being practiced by community colleges.

When it comes to funding, Shields said colleges would rather see more dollars go into general funds than specific silos like cybersecurity, as it allows them to be more flexible in allocating resources.

The organization has worked to help keep colleges informed about cybersecurity threats and avenues to help fend off attacks, in the event one does occur, she said.

鈥淭he conversation always is not if this is going to happen in your college, it鈥檚 when,鈥� Shields said. 鈥淓verybody鈥檚 anticipating. You will have cyberattacks, probably plural 鈥� it鈥檚 making sure you鈥檙e ready for that.”

is part of States Newsroom, a network of news bureaus supported by grants and a coalition of donors as a 501c(3) public charity. Iowa Capital Dispatch maintains editorial independence. Contact Editor Kathie Obradovich for questions: info@iowacapitaldispatch.com. Follow Iowa Capital Dispatch on and .

Help fund stories like this.