The education industry’s big push for better data security

The education sector has some shortcomings when it comes to keeping data secure, but it’s collectively taking action to make improvements.

Education industry university

The education industry regularly collects data about learners, teachers and other stakeholders. Having that information can improve the learning experience for students and help teachers and administrators work more efficiently.

The education sector has some shortcomings when it comes to keeping data secure, but it’s collectively taking action to make improvements.

The education industry ranks last for cybersecurity

Virtually all industries have cybersecurity issues to address. What’s particularly worrying about the education sector is that it ranked last out of 17 industries when SecurityScorecard assessed various sectors in the United States.

More specifically, the study said education was a poor performer in a few key areas. Network security and application security were two of the problematic areas cited, along with patching cadence.

The term “patching cadence” refers to the regularity and frequency with which educational institutions update their software with patches.

Although SecurityScorecard said the education sector recognizes the need to apply patches rapidly, it often did so during applications’ inactive periods.

Slow response rates also pose problems

Research outside of what SecurityScorecard found had a different conclusion about response rates for patching. But this study also showed that the education sector has a significant amount of work to do regarding cybersecurity.

It showed that the majority of education entities wait more than three days to apply patches after getting notified of domain name system (DNS) breaches.

Even worse, the same study revealed a jump of 68% concerning the cost of DNS vulnerabilities within education and showed a total of US$690,000.

That finding means businesses in the organizational sector could and should see improved cybersecurity as something that supports their bottom lines.

Universities teaming up to focus on security

It’s often difficult to get desirable results without collaboration. That’s a reality well understood by several U.S. universities — Purdue University and Northwestern University among them — that are joining forces to emphasize data security.

Each participating organization has an on-site data security center. And, the goal is to reduce the time needed to resolve threats after detecting them.

Then, even if hackers do break into a network, it could become more challenging for them to get enough information to do significant damage.

The efforts made by those universities are undoubtedly important. But all universities have a responsibility to follow current best practices for keeping data safe. Some steps to take when doing so include staying abreast of state and federal data protection regulations and training staff members and users on how to handle data safely.

K-12 institutions also at risk

Data breaches at colleges are arguably more likely than K-12 schools to capture attention in the headlines, and that’s due to the name recognition associated with many universities, plus the potential for hackers to access larger quantities of data.

But it’s crucial for people to realize that cybercriminals also target K-12 learning facilities — and they do so at a rate that likely exceeds many individuals’ expectations.

A report from the K-12 Cybersecurity Resource Center released a year-in-review report for 2018, and part of it assessed the frequency of cyber attacks affecting K-12 schools. It found that there were 122 publicly disclosed incidents during the year, or the equivalent of about one new event every three days.

Moreover, one-third of North Dakota’s schools got hacked by foreign entities in February 2018, reports showed. Malware was the culprit, and it took at least a month to remove it from a network used by all of the state’s employees.

After identifying that vulnerability, the state’s superintendent began working with cybersecurity experts to develop standards to align with the K-12 sector.

Educational institutions are enticing targets for cybercriminals

Except for the departments at universities that handle donations, many entities in the education sector don’t typically store as many financial details as other industries, such as retail or banking. However, hackers still conclude that it’s worthwhile for them to place educational entities in their sights.

For starters, they know that breaking into one network might provide a gateway to more extensive networks. Moreover, schools often have research data that could appeal to hackers.

For example, if a school has a government contract to work with the military or is carrying out a clinical trial at a university teaching hospital, both of those instances could give hackers a big payoff.

In short, representatives from educational sectors should never assume their workplaces won’t get attacked by cybercriminals.

Prevention is the best approach to securing data. Being proactive starts with being aware of the issues, but then it requires following up with a commitment to tackle them.