Secure Your City: Educational Institutions

by Sarah Harvey / June 6th, 2019

When you send your child to school, whether it’s a K-12 or higher education institution, you expect them to be safe – but that should go beyond physical security. You should want to know that your child or family member’s personal data is secure, too. From names, dates of birth, standardized testing scores, attendance and grade records, medical data, email addresses, phone numbers, Social Security Numbers, and financial aid information, there’s ample sensitive assets that malicious hackers can compromise.

The Need for Effective Cybersecurity Strategies at Educational Institutions

Aimed at protecting the privacy of students and their parents, FERPA lays the groundwork for the need for effective cybersecurity strategies, but unfortunately, breaches are still likely to occur. The University of Louisville, Georgia Tech, and The College of Southern Idaho have all experienced data breaches within the last two years. K-12 organizations are also just as likely to encounter a data breach or security incident. For instance, just last month, Kentucky’s Scott County School District announced that it fell victim to a multi-million-dollar phishing scam.

While it may seem like educational institutions would be less likely to experience a data breach or security incident, the reality is that they are just as likely as many other industries. Why? Because beyond student data, there’s research, endowments, and more to be compromised. Additionally, if an educational institution experiences a data breach, it’s more than the students or organizations themselves that will likely feel the impact. Think of the parents’ personal data. Often times, they provide their Social Security Numbers, financial information for student loans, credit card information, phone numbers, email addresses, and more. Consider vendors or other research institutions that contribute to student and faculty research. How would a data breach or security incident impact them? What about employees?

Key Cybersecurity Challenges Faced by Educational Institutions

Educational institutions face a number of cybersecurity threats, ranging from open access infrastructure and loose security controls to human errors and disgruntled employees. Mitigating these risks can take a lot of work, but if done effectively, your educational institution can provide peace of mind to students, parents, and personnel alike. Let’s look at these cybersecurity challenges more in-depth.

  1. Loose Security Controls: For many educational institutions, loose security controls are a major weakness in their security hygiene. With a range of web and mobile applications, various WiFi networks, IoT devices and more, implementing strong security controls can be a challenging task.
  1. Lack of IT Personnel: Working within tight budgets, as most educational institutions are, makes it difficult to implement a robust information security program. Often times, this leads to a lack of IT personnel capable of managing an entire organization’s network and vulnerabilities going unnoticed for long periods of time.
  1. Human Error: Employees pose one of the largest threats to the security of educational institutions. While they may seem like minor security breaches, employees often leave their computers unlocked, open unsecure emails or click on malicious links, or even leave post-it notes with passwords on them visible to unauthorized personnel. Disgruntled employees also pose a major risk. If an employee is terminated and they still have access to their email accounts, educational institutions could experience major data breaches.

As an educational institution, your organization has the responsibility of shaping the minds of students and turning them into productive members of society, while also making sure that they remain safe and secure. Make sure your organization follows through with these responsibilities by implementing effective cybersecurity strategies. Not sure if you’re meeting the security, privacy, and cybersecurity obligations expected of you? Contact us today!

More Cybersecurity Resources

What is a FERPA Audit?

FERPA FAQ: What You Need to Know About FERPA Compliance

Horror Stories – 5 Cities Victimized By Cyber Threats

How Can Penetration Testing Protect Your Assets?