Education data breaches more than doubled in the first half of 2017, and that’s a worrisome statistic for students and teachers who are back in the classroom for a new school year.
The research by Gemalto, which tracks global incidents, showed that data breaches in the education sector jumped 103% compared to the last half of 2016. There were 118 successful attacks, accounting for 13% of all breaches – or about 640,000 compromised records.
Gemalto also reported that identity theft accounted for 74% of the breaches.
The education sector, especially colleges and universities, keeps a lot of valuable information on file ranging from student and staff names, addresses, medical information and birth dates, to banking and financial data, to innovative research. University systems often have their own medical centers, which suffer from a high rate of data breaches too.
How can educational institutions better protect confidential information?
- Take stock: Establish the different types of confidential information the institution holds, and put formal and comprehensive security policies in place.
- Think compliance: Stay informed about new and current laws and legislation. The new General Data Protection Regulation (GDPR), for example, will change the way schools handle data. It replaces the Data Protection Act in European Union (EU) countries and the U.K. in May 2018. But all organizations anywhere in the world that process personal information about EU residents must comply.
- Scale back: Privacy laws dictate that personal information should only be gathered and used for legitimate purposes. Keep only the information the institution needs.
- Protect it: Use a document management process so all data, in digital and paper format, is secured from creation to disposal. A retention policy should identify which documents must be kept and for how long. Mark records in storage with their destruction dates.
- Increase cyber security: The 2017 Data Breach Investigations Report (DBIR) by Verizon reported that cyber espionage was one of the leading causes of incidents on campuses and in schools. Prevention and detection tools are critical; keep everything up-to-date and patched. While educational institutions are all about learning and sharing information, consider network segmentation so the ‘student’ Wi-Fi channel has limited access to internal information.
- Educate: Educate students and staff about information security risks and best practices. The DBIR showed the biggest threats overall were hacking using stolen credentials, phishing via email, social media, and malware. Distributed Denial of Service (DDoS) attacks are a significant threat too. Provide on-going employee education highlighting these threats and others as well as security reminders for everyone on the campus.
- Have a breach response plan: Be ready to manage a security breach. Practice disaster and recovery plans, and always back up digital information.
- Destroy it: Have a formal procedure for information destruction. Partner with a document destruction company that provides a secure chain of custody and a documented process for both paper and hard drives and e-media destruction. Introduce a Shred-it all Policy so that all documents are securely destroyed automatically.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.