Too often, outdated systems and understaffed and undertrained IT teams are all that’s protecting sensitive data for students and schools
Education is becoming one of the most targeted industries for cybersecurity threats, ranking high in recent reports that compare it to top industries such as finance and health care. Since 2016, K-12 schools have reported over 400 cybersecurity incidents, which included data breaches, ransomware, and phishing attacks.
This leaves student information such as medical records, financial accounts, and school files in jeopardy from all sorts of malicious criminals, including hackers and identity thieves.
But why education? If you asked a layperson for the industries they thought hackers had their eye on the most, it probably wouldn’t be their answer.
Why education is a target
Financial gain is one of the biggest reasons why higher education and many private schools have become susceptible to threats. It’s no secret that these institutions handle a lot of money between students and outside vendors, and that amount grows bigger every day.
Personal data is another motivation to hack education systems, no matter the grade level and financial requirements for student entry. Schools have access to almost all personal information about a student, from financial to medical, making it the perfect one-stop-shop for cybercriminals.
Why schools are so vulnerable to cybersecurity threats
Many schools lack the resources to have updated, secured hardware and software in place. It’s expensive – and so is the IT staff needed to maintain it. Oftentimes, schools have to apply for grants in order to get the money. That assumes they have the personnel to support building a cybersecurity plan and the funds left to maintain it in the long run.
The BYOD (bring your own device) policy on most campuses leaves hundreds and thousands of unsecured access points wide open. Students and faculty connect to the network at school and then take those devices to coffee shops and malls, connect to public Wi-Fi networks, and give hackers another way in. It makes it almost impossible for IT teams to secure the network.
Lack of education among staff and students, as well as lax standards for basic cybersecurity protocol, is one of the major threats facing schools. In 2018, over 54% of reported attacks on schools were carried out or caused by a member of that school community. Schools can curb these incidents by spreading security awareness and setting strict action plans in place for dealing with all reported situations.
Dropbox: a case study in platform vulnerabilities
Like many organizations these days, schools are using cloud applications such as Dropbox and Google Drive to easily share information and connect with colleagues. Although they are incredibly useful, these apps should not be used to transmit sensitive information, as they pose a serious threat to schools without a broader security plan in place.
Think about when you use these applications personally. How many times do you check that you’re sharing the right link or that you uploaded the right file before sending it to someone? Schools shouldn’t be facing those same obstacles with sensitive data.
Multiple unsecured devices accessing files through multiple unsecured networks increases the chances of data loss or leakage astronomically. Public folders and shared URLs make it even worse, as anyone with access to that information can see it all.
Although Dropbox servers are encrypted using Advanced Encryption Standard (AES), there is a common key for system administrators and support providers. The easiest path for a hacker is to get that key, and thus access to any encrypted information.
How to overcome threats
As mentioned earlier, one of the biggest threats to campuses is the sheer number of devices accessing the network at any given time. Endpoint security is crucial to protect access points and identify vulnerabilities. Segmenting the network can make it more manageable and easier to react when a threat does occur.
Maintaining and updating networks, servers, and systems take up most of an IT team’s time. It’s necessary for organizations to continue operating and functioning securely. Unfortunately, many IT teams on campuses just don’t have the bandwidth or the manpower to do this correctly. Dedicating time and people to these tasks can help keep schools safer.
Teachers and students often cause cybersecurity issues on campuses out of pure ignorance. It’s important that they understand how their actions contribute to the school’s security so they know what to avoid. Phishing emails and suspicious messages, malware software, student data encryption, and transmission, and password managers are helpful topics to cover. IT teams can also take care to install security software on any work devices used by staff.
Sometimes school IT staffs are a little rusty and could use additional training on best practices. Hiring outside help for training and auditing can provide schools with an objective look at their weaknesses and knowledge gaps. This may be a steep investment on top of hardware and software, but it will pay for itself by creating a proactive team.
The most important way to overcome these threats is to have a plan. Put solutions in place to protect systems against known and unknown threats. Behavior-based detection software, email security, data storage encryption, data backup, and firewalls can all protect schools from threats like ransomware and Trojans. Keeping IT staff trained and enforcing best practices with network users will also go a long way.
The potential of cloud computing in education
There are standards in place such as HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), and COPPA (Children’s Online Privacy Protection Act) that institutions must follow to protect student and family data. But factors are stacking up against schools, making it harder for them to protect themselves.
Schools are moving to cloud computing services to help ease the burden of securing data as well as maintaining and updating systems. Amazon WorkSpaces allows students and faculty access to the resources they need quickly and consistently. It also provides staff with additional insights into student behavior and accessibility.
CloudHesive can help your team set up, maintain, and secure your cloud environment so you can use it to its full potential. No matter what phase of the cloud migration process your organization is in, CloudHesive can help you complete the journey. Learn more by getting in touch with CloudHesive at 800-860-2040 or through our online contact form.