Education is one of the most often targeted sectors for cyber threats, and a recent study ranked schools as having one of the highest rates of incidents. Many schools and school districts struggle to attract more funding and make ends meet, so digital threats are the least of their concerns. This sort of incident can seem ethereal and inconsequential, but threats to education’s digital infrastructure are threats to their staff, faculty, student body, and even their funding or bottom line.
School Server Protection
Some schools expect that most threats will target their student records, but a significant enough portion of hackers are more interested in employee records and administrative information. Human Resources records include W-2’s, which contain valuable tax information in almost any industry. Criminals will acquire these documents early in the year so that they can file fraudulent tax returns and have the return sum sent to them. While student records should be your top priority for state and local compliance, usually this information is not as valuable to cyber criminals with the exception of any included student medical records.
Per the scam discussed above, about 70% of cyber crime targeting education is motivated by financial incentives. However, an additional 20% of attacks on schools are a form of espionage. This information shocked us as well. Schemes such as the W-2 scam specifically target education institutions because of their necessary transparency, so it would seem counterintuitive that institutions turn to hacking for information gathering. The only solace is that most of these attempts target universities rather than high schools or lower. 72% incidents of outage or breach were due to hacking rather than human error. IT departments of educational institutions should keep this in mind when prioritizing equipment purchases and training.
Student Data Comes First
As we have mentioned, the inclination to “think of the children” first may be erroneous for this topic. Hackers are rarely motivated to target that data unless it shows significant monetary value or if the hacker themselves has a personal affiliation with the school. Your state regulations for handling student records will include rules regarding how long to maintain a student record, who must or must not have access, and how to transfer transcripts between institutions. So most organizations already have solutions and contingencies in place to cover compliance.
For all other records on file, if you haven’t extended the protective measures to these repositories, you are putting very valuable data at risk that sees heavy attacks on a daily basis. What’s more, not every state has an up-to-date regulatory law for student information, in which case your school or district should take it upon themselves to discover the most updated means of security. This due diligence can benefit not just the students but the teachers and the administrative staff.
Content Management is for All Departments
In order to save files from human error, regular backups must be scheduled for as often as possible. If regulatory compliance allows for it, consider backing up to multiple environments: such as locally, in the cloud, and on external drives. In addition to a monitored backup schedule, establish an access log at every terminal and workstation. Give login credentials to each staff member individually and train them about choosing secure passwords and not sharing their login information. If you are still worried about access from irresponsible or inappropriate parties within your organization, then you need to invest in document or content management.
Whether in the cloud, installed on-premise, or implemented in a hybrid environment, a content management solution solves multiple security problems at once. Contentverse has double layered encryption to keep your data safe from third parties trying to access the database. User access permissions can keep students and other department staff out of folders where they don’t belong. The solution also provides the option to assign a security manager for controlling that access. And with audit trail, redaction options, print-screen prevention, and version retention, compliance is not an issue when implementing content management for your formidable database of student, administrative, and personnel records.
Outside Threats vs Internal Threats
There are some key projects that must be undertaken to ensure data security and to prevent loss through disorganization. In order to implement most of these protection methods, you need at least some sort of dedicated IT team. Most big districts will have at least one systems and server expert who can spearhead these projects.
For any measures that can be taken at the system or network level, start by closing off access to outside parties. This entails taking many systems offline and disabling internet access either for those workstations or for those filing structures. If the latter, you will need to separate any necessarily online systems from the offline infrastructure. Sometimes this means completely separate servers, but it could also entail entirely different Local Area Networks. If your data is hosted by a third party, then do not use a multi-tenancy cloud server. In searching for a hosting provider, choose one who will allow your files or system to be installed on discreet drives.
An Ounce of Prevention
This is the name of the game: preparation and prevention. Too many schools wait to update their system until a data breach happens. By then, the damage has been done. Education is one of the most targeted sectors for cyber threats. If your school takes the security and privacy of its students and faculty seriously, then it’s obvious what the next steps are.
A version of this article was published as Cybersecurity for K-12 Education on June 14th, 2018.
FOR IMMEDIATE RELEASE Steve Harnden, Marketing Manager, Computhink 630.705.9050 x221, sharnden@computhink Lombard, IL, January 3, 2013 – Computhink, Inc., a leading provider of Electronic Document and Content Management Solutions to the small to mid-sizedRead more
Office space is shrinking. Companies have gone from the generous 500-700 square feet per employee in the 70-s to around 200 square feet today. Zappos allocates as little as 120 square feet to each employee.Read more
To keep your business running smoothly, you have to pay attention to how its underlying processes are being managed. How do you accomplish this? Through business process automation (BPA). I’m not just talking about theRead more
Regulatory compliance, whether governmental or a self-regulating body, has always been a primary concern of business. In recent years, a number of comprehensive regulations have come into effect due to financial scandals involving several financialRead more
Having access to your documents from anywhere is more than just a convenience. Content and document management software enables relationships with clients and co-workers to be more seamless and integrative, with assigned tasks and documentRead more
Microsoft’s SharePoint remains a great app for collaboration and file sharing, but when trying to expand capabilities users quickly find the ubiquitous biz application inflexible without a load of add-ons – add-ons that make theRead more
For most people, at least 1/4th of their time each week is spent in the office. As a result, it’s prudent to treat your office space like a second home. Clutter is a major distractionRead more
FOR IMMEDIATE RELEASE Steve Harnden, Marketing Manager, Computhink 630.705.9050 x221, sharnden@computhink CHICAGO, IL, July 24, 2013 – Computhink, a global provider of document and content management software, has rebranded their flagship product to Contentverse.Read more
Leave a Comment