Senior Consultant, The BlumShapiro Cybersecurity Team
When we think of cybersecurity attacks and vulnerable information, we often think of financial institutions with banking information and credit cards, or hospitals with medical records. But what about our schools? We often forget that schools hold a slew of attractive data for hackers.
Verizon’s 2016 Data Breach Investigations Report ranked the education sector sixth overall in the United States for the total number of reported “security incidents.” So why are schools such an attractive target for a hacker? Because schools, (colleges and universities in particular), have a little bit of everything for the hacker, and in high volume. Our schools’ data include items such as email addresses, social security numbers, medical records and insurance data, financial aid information and research material, particularly in the fields of science and engineering.
What are some key areas of concern for schools when it comes to cybersecurity?
Although the primary concern with the security of student data is generally identity theft, Huffington Post contributor Jason Glassberg of Casaba Security, cites several other threats for our education system:
- Universities and medical data – Several colleges and universities have their own medical centers, and as such, carry medical data and records making them a target for hackers.
- Academic services and tests – Major exams like the SAT and ACT have been noted as susceptible to data leaks. This can compromise the legitimacy of scores and the college admissions process.
- Scientific research programs – The innovative research fields are being targeted for foreign governments. In the summer of 2015, an attack (apparently originating in China) targeted the University of Connecticut School of Engineering, exposing an unknown amount of personal and financial information of students along with sensitive research data and information from research partners.
- Political activist groups – These groups that originate from, or operate in college campuses are being targeted by foreign intelligence service monitoring and hacks.
- K-12 schools – Ransomware has been noted as a major threat for K-12 schools across the country. Young users may be less mindful of risks associated with clicking unknown web links. This is forcing some schools to pay to have their data released – money that most schools do not have. New York, New Jersey, Texas, Florida, South Carolina, Mississippi and Montana have already had their districts attacked with ransomware.
Awareness is a first step towards better protecting our schools. It is imperative to remember that although the “business” of a school is primarily educational, as opposed to financial or medical, they are susceptible all the same. Schools should consider revamping their budgets to invest in modern cybersecurity measures, including training. Jason Glassberg, Co-founder of Casaba Security, recommends spending “no less than 2.5 percent of the annual budget on IT security improvements and modernization, although more is always better.” Secondly, our schools must determine what data they hold that is susceptible to breach and then utilize security measures like encryption, reduced access, and backups to better protect that sensitive data.
Now is the time for our schools to start prioritizing cybersecurity. Schools need to “keep up” with modern cyber threats by maintaining awareness of current threats, acknowledging the massive amounts of personal, financial, and medical data they have, investing in data protection mechanisms, and teaching students, faculty, and staff about the cyber risks that they face.
How BlumShapiro's Cybersecurity Team Can Help:
Could your organization be vulnerable to a cyber attack? What is your current exposure? How would your business continue to function in the event of a breach? Our cybersecurity experts can help you address the vulnerabilities and risks your organization faces against cyber security threats. Remember, the costs of developing a security strategy you feel confident about are minor compared to the potential financial and reputation risk if an attack or breach occurs. Learn more about our services >