3 million records a year are stolen in the educational sector – and that number is growing
The education sector is significantly lagging behind when it comes to cybersecurity. Cybercriminals know that schools have limited resources, but mounds of financial and personal data that are easily accessible. According to ED Guards’ Education Industry Cyber Incidents Report for 2018, 3 million records on average are stolen per year in the educational sector. And the number is growing.
In July, the U.S. Department of Education revealed that 62 colleges and universities were hacked by cybercriminals who gained access to student information via malicious requests on the internet, with reports claiming at least 600 fake or fraudulent student accounts were created in a 24-hour period and used for criminal activity almost immediately.
Strained resources are making it difficult for colleges, universities, and K-12 schools to defend themselves against cyberattacks, especially as they become increasingly more complex and targeted. According to an analyst from Education Dive, this lack of resources is contributing to an upward trend in cyberattacks on educational institutions.
IT shortages – Most schools have small IT teams, who are not only responsible for protecting hundreds to thousands of devices, but whose time is taken up solving daily issues around improving internet connectivity, distributing devices, and repairing them. Little to no time is left for managing cybersecurity issues. Also battling budget constraints, the teams remain small and less equipped than typical businesses or government agencies to deal with major cyberthreats.
Endless entry points – Widespread internet use by faculty, students, staff, and visitors across the school network adds many points of vulnerability. School and university public Wi-Fi networks create another avenue for attack, along with uniform email accounts with predictable handles that make it easy for cybercriminals to send mass phishing emails targeting students and faculty.
Insufficient funding – It’s common knowledge that the education sector is often strapped for cash. With underpaid staff and underfunded programs, it can be difficult or nearly impossible to secure additional budget for a proactive security strategy.
For Operations Director Ted Burrows from Harrap ICT (pictured), an IT service provider for K-12 schools across the United Kingdom, staying within school budgets is a top challenge. He recently shared his educational security strategies for managing 400 schools with Avast Business.
“With threats like crypto-ransomware and phishing emails targeting schools, we need the ability to monitor, detect, and stop threats before any damage can be done,” he explains. “Our focus has always been finding the best value for the education sector without sacrificing protection, and we work hard to research and test solutions." Read more about Harrap ICT here.
Cybercriminals don’t discriminate when it comes to choosing an educational organization to target. K-12 school data is just as valuable as a university’s. Young children’s Social Security numbers are highly valued on the cybercrime black market, along with financial information and intellectual property found on a college network.
Criminals can sell any of this information on the darknet, use it for identity theft and credit card fraud, or hold it for ransom to obtain money.
All types of software can potentially lead to vulnerabilities within school systems. The newest teaching tools, accounting software, and grading applications require timely patching when new versions are released. School IT administrators struggle to keep up with testing and approving every update and patch while also handling daily technical issues on a small budget.
Deploying a managed antivirus solution to provide an aerial view of the entire network or unpatched endpoints can automate tasks for busy education IT teams. With hundreds and sometimes thousands of computers and devices, it can be hard to track down a specific issue. According to Harrap ICT’s Ted Burrows, Avast Business CloudCare has allowed his team to monitor their school systems much more closely than ever before.
“Monitoring is a key aspect of IT service management, as well as having visibility into the IT infrastructure. We needed a comprehensive security solution that included instant notifications, up-to-date virus definitions, and a view into every school network we manage. We found all of that in CloudCare and more,” Ted adds.
Want to know more about cybersecurity for schools? Contact an Avast Business cybersecurity specialist today.
The new Avast Cybersecurity Basics Training Quiz provides training on Data Security, Identity Management, and Social Media Security
How SMBs can effectively protect their networks from cyberthreats – without breaking their security budgets