The Rise of Education Data Breaches

Schools are valuable because of the knowledge they can provide. To hackers, schools are valuable because of the data they can provide. That data — not just student grades, but student and employee Social Security numbers, employee bank account numbers, and other personally identifiable information — makes educational institutions the third most frequent target of hackers, just after healthcare and financial services.

A Growing Risk of Breaches

The frequency of attacks and the scope of losses is increasing. In the first six months of 2017, education sector data breaches doubled in number. Attacks have hit schools at all levels. Public school systems in Texas and Cape Cod suffered breaches exposing the data of hundreds and thousands of students, respectively. Leading institutions of higher education have also been breached, with incidents leading to the Stanford Graduate School of Business exposing 14 terabytes of data from financial aid applications and the Medical College of Wisconsin compromising patient data.

High Cost of Education Data Breaches

Schools face high costs as a result of data breaches. A study by the Ponemon Institute shows that the average cost of a data breach is $141 per record, but in education it typically reaches $200 per record (and has been even higher, with the four-year price averaging $260).

Exact costs depend upon the extent of a data breach, how much time it takes to identify and contain the breach, and the expenses incurred when notifying victims and resolving lawsuits. Unlike other industries, the education sector rarely experiences the hidden costs that stem from unexpected loss of customers after a data breach.

Challenges to Preventing Data Breaches in Education

Most of the breaches experienced by educational institutions involve disclosing personal information about students and employees, while about a quarter exposed intellectual property. The educational environment has several unique challenges that must be addressed to protect its data. For example:

• The industry is based on the free exchange of information.
• Students and staff may be unsophisticated about technology and have limited technical skills.
• Students with technical skills may attempt hacking exploits for amusement.
• Systems are highly distributed across multiple schools in a district.
• School systems often lack a single application for managing student and employee identities.
• Users frequently have multiple roles within a school system, complicating identity management.
• There’s a significant change in the user population every year due to students graduating and new students enrolling.
• Remote access is required, with students and parents accessing systems from home computers and smartphones.

The biggest challenge is implementing robust security protocols while maintaining a culture of openness.

Encryption is Key to Reducing the Cost of Breaches

One of the most effective ways to reduce the cost of a data breach is through the use of encryption to protect the data. By using encryption, educational institutions ensure that authorized users who possess the encryption key are able to read the data (while the data remains unreadable to anyone else). The Ponemon Institute’s 2017 study shows that using encryption decreases the cost of a data breach by $16 per record.

Making sure encryption provides full protection requires you to keep the keys protected and to apply the encryption to all sensitive data. Zettaset offers data encryption solutions designed and optimized for today’s complex and demanding distributed computing architectures. Through the use of encryption from Zettaset, schools can ensure they protect their data, their employees and their students. Click here to learn more about Zettaset and to arrange a product demo.