In May of 2017, The Economist declared that data has replaced oil as the most valuable resource in the world. This means organizations that keep a lot of data, such as schools, are at significant risk from those trying to steal it. Districts and individuals who follow best practices for protecting student data and teacher data, however, can help stave off many threats.
The Numbers Behind the Why
In 2018 alone, K-12 schools reported 122 cyber attacks, resulting in “the theft of millions of taxpayer dollars, stolen identifies, tax fraud and altered school records,” per an article in Campus Safety magazine. Just one of those attacks affected 500,000 students and staff in the San Diego Unified School District, where names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices were stolen.
Those 122 cyber attacks were just the successful ones. In May 2018, the K-12 Chief Information Officer at the Kentucky Office of Education Technology testified to Congress that four billion attempted attacks had been launched against Kentucky’s education data infrastructure over the last academic year. It was also reported that phishing attacks had increased 85 percent from the previous year (see our previous blog posts on phishing techniques, Part 1 and Part 2).
Why Teachers are at Risk
Teachers are targets because of the vast amount of demographic and administrative data that the school or district collects including teachers’ names, addresses, dates of birth, photos, Social Security numbers, banking information, performance data, health conditions, education credit information, and work records. Stealing this information can lead to identity theft and financial fraud. For example, recently hackers infiltrated the Cleveland school district’s payroll system, and were able to steal a large number of employee paychecks. Hackers did the same to teachers in the Atlanta Public School district.
Why Students are at Risk
Like teacher data, student data is also vulnerable as schools collect an ever-growing amount of information to meet state and federal requirements. Protecting student data is important as it can be particularly attractive to hackers due to clean credit histories and the availability of hard-to-collect information such as students’ mothers’ maiden names. How profitable can hacking be? According to a report from the Parent Coalition for Student Privacy, a child’s Social Security number can be sold for $25 to $35 on the dark web. Multiply this by hundreds or even thousands of students, and one school’s data base can be worth six figures.
How To Start Protecting Student Data, and Teacher Data
Protecting student data, and teacher data, is an ongoing job that involves a lot of time and resources. At the very least, you should incorporate the following seven best practices for protecting student data, and teacher data, as soon as you can.
1. Secure Devices
While network protection may seem like your first priority, protecting your physical assets is just as important. A stolen computer can include a goldmine of data. As we wrote in a previous blog post, “The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school.” Keep unused computers locked safely, and track all the hardware you have. You can’t protect what you don’t know you have.
2. Encrypt Everything
Encryption scrambles text to make it unreadable by anyone other than those with the keys to decode it. By keeping back-up files as well as emails and shared files encrypted, hackers will be unable to read them, should they gain access to them.
3. Make Strong Passwords
As we’ve reported previously, 60% of people use the same passwords for everything and 81% of data breaches are due to weak, default or stolen passwords. Too many people repeat the same password over and over, so if one password is stolen, many sites are compromised. Other users choose passwords that are easy to remember, but also easy to guess. A password manager can be a critical tool in creating impossible-to-replicate passwords.
4. Back-Up Data
The easiest way to thwart a ransomware scheme is to have a back-up of your data. Back-ups also protect you from any sort of disaster, whether natural or hacker-originated. Cloud computing can make backing up data, and restoring it later, much easier. Complete cloud migration now can eliminate a lot of headaches later.
5. Educate Staff
Most data breaches stem from human error. For example, the 2017 Equifax data breach, one of the biggest in recent memory, was blamed on a single employee failing to follow security warnings. Even the most senior IT professional can make a mistake, but the more someone knows about threats, the less of a chance they will fall victim to one. That’s why training your staff on best practices, such as how to spot a phishing email, or what not to divulge on social media, can make a big difference.
6. Educate Students
Not all students may fully understand the criminality of cybercrime, whether they are attempting to hack a school’s network or conducting a DDoS attack as a prank (which is exactly what happened to the school district in St. Charles, Illinois). Per an article on educational tech news provider EdSurge, “Students could potentially piggyback onto unsecured WiFi networks without ever leaving school property, making them susceptible to cybercrime. Providing lessons in ‘digital citizenship’… can go a long way to help protect school assets and the student’s identity.”
7. Call Single Path
Most districts have limited expertise or resources to plan, implement and share the processes needed to protect their teachers and students. Often, a third-party provider will best be able to monitor, manage and protect the school or district. At Single Path, that’s exactly what we have done for many school districts, such as Great Lakes Academy in Chicago. Our comprehensive suite of services, including managed cloud services and security offerings are designed for businesses and schools to assess, prepare and protect against risk. Let us help you start protecting student data and more.