Are schools doing enough to protect student data?

03 Sep 2019

protecting student data in schools — What can schools do to protect students' data? Source: Neonbrand/Unsplash

Recently, Forbes outlined the recent cyber threats that every company should know about.

Trouble areas included a “lack of visibility”; with sensitive data sprawled across personal devices and public clouds, it’s hard for security professionals to keep up with the changing scenes of a company’s data and the data-sharing habits that happen internally.

Another cause for concern was the absence of “Next-generation firewalls, AV solutions, URL filters, data loss prevention (DLP) solutions, endpoint detection and response (EDR) solutions.”

By not bringing the latest cybersecurity technologies to the forefront of their focus, many companies lose integral data due to continuous security breaches.

Yet, with efficient cybersecurity advice readily available for companies with open budgets, what happens when a small school suffers a cyberattack and loses student data?

Students’ data is under threat from crafty cyber attackers. Source: Shutterstock

This year in the US, there has been an increase in cyberattacks against smaller schools that cannot afford high-tech firewalls and expensive DLP solutions.

Highlighted by The Hill, “School districts across the country are increasingly becoming a major target of malicious cyberattacks, leaving both the federal government and state governments scrambling to find ways to fight back.

“Recent cyberattacks on school districts in Louisiana, Virginia and Oklahoma have highlighted the threat. In Louisiana, Gov. John Bel Edwards (D) declared a statewide emergency last month in response to ransomware attacks on three school districts, and authorised state resources and cyber assistance to help the districts.”

But if you want to see destruction in numbers, you should look at the K-12 Cyber Incident Map.

Since January 2016, the map presents 590 reported cybersecurity-related incidents from US K-12 public schools and districts.

From phishing attacks resulting in the disclosure of personal data to ransomware attacks, cybersecurity breaches are continuous and a growing challenge for schools across the country.

Here’s what we currently know about the demographics of school districts who have expereinced a cybersecurity incident: /2 pic.twitter.com/RGFeCUTlJ7

— The K-12 Cybersecurity Resource Center (@K12CyberMap) July 29, 2019

How can schools conquer malicious cybersecurity attacks?

Unlike budget-less businesses and extensive education networks, some schools only have limited costs to defend themselves against cybersecurity breaches.

And even if schools don’t think they need to defend themselves against tech-based terrors, it should be known that in the 2019 Malwarebytes State of Malware report, education consistently appeared in the top 10 industries targeted by cybercriminals.

Understanding the difficulties of staying inside the budget when it comes to cybersecurity solutions, Operations Director Ted Burrows from Harrap ICT, an IT service provider for K-12 schools across the United Kingdom, outlines five useful tips that schools can take:

Educate faculty, students, and staff

According to Ted, it’s vital to keep your school faculty and staff educated and aware by holding monthly or bi-monthly trainings during workdays to brush up on detecting phishing emails and learn about new threats.

“It’s also important to set a security policy. The policy should include password, email, internet, acceptable use policies and more. Depending on technology and processes, the policy’s purpose is to set rules and procedures for everyone on the campus to follow while utilising school Wi-Fi and devices.”

If everyone follows this policy, a cybercriminal’s chances of stealing student data will lessen.

Layered security

“Schools, colleges, universities, and other institutions need antivirus that learns and updates as new threats are realised. Then it’s important to build layers of security, such as anti-malware, firewalls, secure gateways, patching software, and more to build a strong defense,” Ted notes.

This layered cybersecurity approach is a safe way to protect data and devices in an always-changing environment. So, if one layer is compromised, such as a firewall, the school will have additional layers in place to make it even harder for the cybercriminal to crack through and steal students’ data.

Keep software patched

Schools use countless applications and servers with vulnerabilities that allow cybercriminals to gain access to the network easily.

Ted believes that by staying on top of patching systems, your institution is protected.

Back up your network data

Always, always, always have a backup!

If cybercriminals gain access to your data and threaten to encrypt or destroy it, having a backup and recovery strategy is essential.

You can implement automated backup and recovery software to keep student data extra safe and to ensure that if anything did go wrong, you can get the system up and running again in a few minutes.

Monitor your network

On his final point, Ted advises that schools should “Ensure visibility across their entire network. Being able to locate where vulnerabilities exist and remediate them remotely saves IT teams time, while saving the network from widespread damage.”

By following the five points above, schools have a chance of maximising their security efforts at minimal cost.

Of course, this doesn’t ensure ultimate protection, but if awareness of these breaches is raised, there’s still hope that they’ll play a part in saving valuable information.

Basic cybersecurity behavior & ethics ought to be a school level subject. Thoughts? https://t.co/R4g36juIJa

— Krish Ashok (@krishashok) August 25, 2019