According to a recent study, Education institutions continue to struggle with application security, endpoint security and patching cadence, according to the “2018 Education Cybersecurity Report,” conducted by the information security company SecurityScorecard.
“The results show that although hackers have become increasingly deft at stealing school and student data, the education industry is no better prepared to deal with these malicious threats,” the report’s authors conclude. “There is a growing concern because schools collect an incredible, and vastly increasing amount of personal data about students, to varying degrees.”
3 Points of Security Vulnerabilities in the Education Sector
As universities and schools increase their use of data analytics for initiatives related to student behavior management and academic performance, the amount of data they collect is growing, which worries security experts. “The lack of resources and attention to cybersecurity in schools and universities should be a cause for serious concern among students, parents, school boards, and the education industry as a whole,” said Sam Kassoumeh, COO and cofounder of SecurityScorecard. “Schools collect an incredible and vastly increasing amount of personal data about students…Securing these networks and protecting this information is essential to protect the future of innovation and privacy.”
In order to protect student data, here are three insights to get education institutions started on a more reliable security plan:
Application Security: Schools are relying more than ever on online applications for testing, data collection and analytics. Hackers will take advantage of application vulnerabilities, which means school districts and universities need to be aware of any in their networks and close them up. One way to do so is to build application security into system development. Incorporating vulnerability scans or penetration tests is another way to root out potential security flaws.
Endpoint Security: The number of personal devices used by students and faculty across both K–12 and higher education is increasing, expanding the number of vulnerable endpoints. These devices can be especially vulnerable because many people use the same devices to connect to home networks, which may offer less protection than campus networks. Endpoint security software allow schools and universities to more easily detect vulnerabilities and unify network management. Cybersecurity education programs are also crucial to ensure users are responsible at all times. Additionally, integrating endpoint segmentation can help to limit any damage if a device is compromised.
Patching Cadence: Updating software is essential. While patching can be a burden for education IT teams, especially those with fewer resources, there are programs that can help bear some of the weight. Security companies offer virtual patching programs that identify vulnerabilities and offer a quick fix until an IT member can complete the patch.A cybersecurity plan should reflect a holistic approach to student data protection.
“By incorporating technology and people, a robust program mitigates risks, while also ensuring ongoing education instills good security habits into employees, students, and their parents.”