LANSING – “The hacker ate my homework” may sound far-fetched.

But for some community colleges, cyberattacks have been a real cause for concern.

From network breaches to full-campus shutdowns, such incidents raise alarms about the vulnerabilities in the digital infrastructure of higher education institutions.

Lansing Community College was among the institutions targeted in a wave of cyberattacks in 2022-23 when an incident compromised the college’s network over a three-month period.

The college paid a $1.45 million settlement to students, potential students, employees and vendors impacted by the data breach.

Kellogg Community College in Battle Creek suffered a ransomware attack in May 2022 that shut down all five of its campuses temporarily. The incident occurred during what was finals week for some students.

That same month, Kalamazoo Valley Community College in Kalamazoo experienced a cyberattack that led to widespread service outages.

“It was, unfortunately, well-prepared and successful from the bad guys’ point of view,” said Aaron Snead, its vice president of information technology.

“They were able to ransomware a significant number of our critical core administrative systems, to the point that it did halt IT operations for a significant period of time,” he said.

The disruption forced Kalamazoo Valley to delay the start of summer semester online courses by over a week. However, hybrid and in-person courses weren’t impacted.

“It was recognized pretty quickly that with online courses, there had to be some allowance given to the students. We were clearly not going to be able to expect them to meet their normal workloads because the system simply wasn’t up,” Snead said.

Following the attack, the college took multiple steps to strengthen its online security system, including implementation of multi-factor authentication, real-time monitoring of IT security events and network traffic surveillance measures.

“Prior to the cyberattack, security was something we always had on the list, but other projects always kept pushing it down the list – and that’s a very common story,” Snead said.

“After the cyberattack, we realized that it was no longer a luxury. You can’t just devote the bare minimum to security and hope for the best,” he said.

“That’s a recipe for disaster,” he said.

The Michigan Community College Association assisted its members in addressing cybersecurity problems efficiently.

“We helped to create an affinity group of all of the chief IT directors of the colleges to learn from each other, which hadn’t existed before,” said Brandy Johnson, the president of the association.

“So if I’m the chief information officer or the IT director at Grand Rapids Community College, I now know I can call someone at Mott Community College and say, ‘How did you handle this?'” she said.

Kalamazoo Valley has worked in partnership with the affinity group to help implement cybersecurity improvements throughout Michigan’s community colleges.

“Just sitting in a group and talking, whether it’s online or in the same room, is tremendously valuable,” Snead said.

“You not only learn that you’re running into some of the same pitfalls that many other organizations are having, you get a lot of good ideas of how to leverage things,” he said.