Xavier University of Louisiana

Xavier University of Louisiana, established in 1925 through the efforts of Saint Katherine Drexel and the Sisters of The Blessed Sacrament, is the only Catholic, private and Historically Black College (HBC) in the U.S. The university proudly holds the top position in the country for placing African Americans in renowned medical schools and is also the leading producer of African American pharmacists. Xavier University strives to foster the development of a more compassionate world, equipping its students with the skills and knowledge necessary for leadership and service roles within a global community.

"This is our first semester with BullPhish ID, and the response to the security awareness training from students, faculty and staff has been overwhelmingly positive."

Gregory Jones, CISO, Xavier University of Louisiana

The Challenge

Xavier University of Louisiana’s CISO Gregory Jones knew that every one of the university’s 3,000 students and 800 faculty and staff members needed to understand their part in safeguarding the institution against today’s advanced cyberthreats.

Jones and the team of the university’s IT professionals are responsible for the governance of the university’s infosec program, the creation and implementation of policies, compliance management and other key responsibilities, like training and sourcing vendors.

Jones understood the risks the dark web poses to schools and colleges, where student and staff credentials could be leaked onto various forums and put up for grabs by malicious actors. This could result in a multitude of cyber risks, potentially devastating the institution and its people. He needed a way to understand just how many credentials were, or are, being dumped on the dark web and maybe even identify the sources of the leaks.

The next hurdle was conducting security awareness training for a large student body. Many students at the school utilize loaner laptops and tablets, highlighting the need for increased endpoint security and cyber hygiene education. Before Jones became a part of Xavier University’s IT team, the institution utilized a tool that did not offer the type of training materials needed to educate students and staff on cybersecurity. The training courses were also lengthy, often extending past 30 minutes, making it difficult to keep learners engaged and impairing knowledge retention.

Additionally, the rise in social engineering by cybercriminals, particularly on social media, poses significant risks to students, from extortion to the threat of human trafficking, extending the university’s cybersecurity concerns beyond just business email security. To address these risks, the school needed additional custom training.

The Solution

In order to overcome these challenges, Jones sought out dark web monitoring and security awareness training solutions. Xavier University was already a Kaseya backup solution customer, which led Jones to discover ID Agent’s Dark Web ID and BullPhish ID.

Dark Web ID is a dark web monitoring solution that scans the dark web for exposed credentials and PII, alerting organizations to potential security threats.

After implementing Dark Web ID, Jones and his team uncovered an alarming number of compromised credentials for the school’s email addresses, numbering in the hundreds. These credentials had been circulating on the dark web, stemming from data breaches, some of which dated back years ago — a time when rigorous IT security and email policies, particularly concerning user password management, were not as stringent as they are today. These older compromises still presented a problem because the school keeps the email accounts of former faculty members active for regulatory reasons.

When it came to tackling the problem of training more than 3,800 students and faculty, BullPhish ID delivered on all expectations. BullPhish ID phishing simulations and frequently updated video training modules enable institutions to strengthen the vigilance and security knowledge of their students and staff. Through short, engaging video training and realistic phishing simulations, it teaches learners to spot and avoid cyberthreats, such as phishing and social engineering tactics.

BullPhish ID gives Jones and his team the ability to create their own custom training content to augment the extensive course selection within the product and use the BullPhish ID platform to deliver it. The solution also allows the team the flexibility to conduct phishing simulations at random on a bimonthly basis, varying the exercises by job function or department to obtain performance metrics for progress tracking and determining future training direction.

Results

The discovery of numerous credentials on dark web forums prompted a significant overhaul in the university’s approach to security, leading to enhanced measures to protect its user base from vulnerabilities via exposed usernames, passwords and PII. This helped the team further improve their security training programs and password policies to ensure user credentials were better protected.

After implementing BullPhish ID, Jones received positive feedback from the faculty, students and staff members. The training makes them feel better informed and prepared to deal with cyberthreats. The fact that BullPhish ID enables the IT team to customize training material and phishing simulation kits to target specific faculty and staff members further improves their user experience, all while strengthening the university’s cyber resilience.

Find out how you can protect your organization with security awareness training and dark web monitoring

Book A Demo

“When we deployed Dark Web ID, we found that there were hundreds, if not thousands, of our users’ credentials in data dumps, some dating back 10-15 years. So we have strengthened our cyber security program through awareness training and a stronger password policy. We can confidently say that since we've structured that portion of our cyber security program, we have not noticed any new credentials being leaked.”

Gregory Jones, CISO, Xavier University of Louisiana
Case Studies

From our customers

View Now
IDA_Case-Study_LoyolaSchool-Resource

Loyola School

See how Loyola School’s one person IT team overcame email security challenges with Graphus and BullPhish ID.

View Study
IDA_Case-Study_Thiry

Thiry Technology Services

See how Thiry Tech helps defense contractors maintain security and compliance with IT Complete.

View Study

Computer Concepts USA

See how Computer Concepts USA protects and educates clients with dark web monitoring from Dark Web ID and security awareness training from BullPhish ID.

View Study