The education sector has become one of the hardest-hit industries when it comes to cybersecurity threats. According to Verizon’s annual Data Breach Investigations Report (DBIR), education is experiencing a dramatic increase in ransomware attacks, accounting for over 30% of all breaches. The goal of 95% of these incidents was to extort and steal school funds.
The increasing adoption of remote learning technologies spurred criminals to constantly bombard institutions and universities with ransomware, phishing scams, and social engineering attacks. They’ve even gone so far as to attack daycare centers and nurseries in Canada and the UK.
Hackers will try to steal student records and employee information, which they sell to the highest bidders in the black market.
The Consequences of an Unprotected School System
Here are the facts:
- According to research, 2021 saw the research and education sectors as the top targets for cyber attackers.
- Averaging 1605 attacks per week, this slew of attacks against the education sector was a 75% increase from the previous year.
- One of the major contributing factors to the increase in cyberattacks on schools is the not-so-new normal, as more schools are shifting to remote schooling.
- Liz Miller, an analyst for Constellation Research, says that the new normal has “forced educators into being accidental CIOs.” At the time, institutions that were not ‘cyber secure’ desperately bid to quickly move students, teachers, and staff into a learn-from-home setup.
- Colleges and educational institutions pay an average of $112,000 in ransom to get their data back.
- The average cost of resolving an attack, however, has grown to about $2.7 million per incident.
- A student’s untarnished credit report is a goldmine for hackers, opening up the opportunity for a profitable identity theft operation.
- As a result, student records on the black market often cost upwards of $300 per record.
At its core, cyberattacks on schools have one thing in common – the promise of payment and profit. Because of that, recent cyber threats to the education sector can result in very high ransom demands and remediation costs. Below are some examples:
- A Ryuk ransomware attack in the latter part of 2020 left Baltimore County Public Schools with $9.7M total recovery costs a year after the incident.
- In March 2021, the Buffalo School Board approved a $9.4M spend on an external IT consultant’s service in response to a ransomware attack.
- A school district in Texas paid $547,045.61 as ransom in response to a ransomware attack in June 2021. The school district explained that it was to “protect sensitive, identifiable information from being published.”
Worst case scenario? The institution under attack closes down, which is what happened to Lincoln College in Illinois. Already reeling from the financial crisis, a ransomware attack took about $100,000 from their already depleted funds and affected their systems throughout the enrollment period. With a heavy heart, the school board had to vote to close the institution at the end of the 2022 spring semester, after 137 years of molding achievers, most of whom were from the Black community.
Securing School Records and Data
An email backup and archiving solution is essential to counteract cyber-attacks. Here’s how such solutions protect school data and help students and faculty alike:
- Backup and archiving solutions protect against data loss from any external threat attack or even accidental/malicious deletion by teachers and faculty.
- A robust backup and archiving system helps secure and facilitate remote learning. Both educators and students need repositories where they can safely and securely store school documents and access them anywhere, anytime.
- Backup and archiving tools grant educators greater accessibility. Lesson plans, student projects, and research documents become readily available for educators and students alike, in a consistent, reliable, and centralized location.
- It also helps school districts avoid coercion to pay ransom to get their data back. A school district’s lifeblood is the government’s money (for public institutions) or the matriculation fees students pay (for private and higher education schools). For several public institutions and community colleges, paying a ransom to get student data back might result in dire consequences.
- Lastly, backup and archiving solutions allow institutions to document relevant information for cases of cyberbullying, indecent conduct, and misappropriations. If the court requests evidence of the issues mentioned earlier, institutions can present them and spare themselves from non-compliance penalties and sanctions.
Compliance Regulations for Schools
The education sector has its fair share of regulations to deal with as well. Three primary federal laws deal with student privacy and local educational agencies (LEAs):
- Family Educational Rights and Privacy Act (FERPA) – Passed initially in 1974, it focuses on “the protection of student education records, and grants access rights to parents up until the student reaches the age of 18, at which point the rights [are transferred] to the student.”
- Protection of Pupil Rights Amendment (PPRA) – This law allows parents to limit the personal information that schools may collect from their students. This law is not to be confused with FERPA as PPRA “protects information that schools do not have but can collect for surveys,” while the latter “protects information the school already has on record.”
- Children’s Online Privacy Protection Act (COPPA) – This regulation protects young children’s data by requiring operators of online services, websites, games, or mobile applications to “obtain permission from parents before collecting personal information online from children under 13.”
One could also argue that the California Consumer Protection Act (CCPA) also protects student data, albeit indirectly and only in the state of California. The CCPA outlines consumer rights concerning what personal data the businesses they interact with collect. But while these protections do not specifically apply to students, EdTech providers are still under the scope of this California-based regulation.
The same applies to the UK and EU’s General Data Protection Regulation (GDPR). Providers in the education sector protect sensitive data, such as contact data and health information of students, pupils, learners, carers, and staff.
Backup and Archiving for the Education Sector
Damage, corruption, or deletion of data from the education sector can result in some if not all of the following consequences:
- Lost curriculum and coursework
- Inability of the school district to manage and supervise staff and educators
- Breached contracts due to missed obligations
- Negative publicity caused by exposure of student’s personally identifiable information (PII)
- Risk of lawsuits due to security non-compliance
Backup and archiving solutions play a vital role in ensuring security and protection against cybersecurity attacks on schools like ransomware attacks, or risks like accidental deletions. Without this ‘insurance’ system, the education sector becomes more susceptible to the previously stated consequences.
Dropsuite specializes in helping the education sector keep its highly sensitive data safe, secure, and protected. Dropsuite uses a cloud-based solution built from the ground up by engineers to efficiently backup, store, preserve and, if necessary, quickly restore student data at a moment’s notice across a range of cloud-based ecosystems: Microsoft 365, Google Workspace, IMAP-POP, and Hosted Exchange.
Dropsuite’s easy-to-use, secure, and scalable backup and recovery tools also provide business continuity for the education sector. Dropsuite allows IT teams in learning institutions to set retention rates that are as long as necessary to legally maintain education-related data and compliance and assist in remote learning.
Dropsuite also enables companies to document relevant information for cases of cyberbullying, indecent conduct, and misappropriations with longevity. Regarding lawsuits, investigations, and discovery processes, IT teams in educational institutions can put legal or time-based holds in any platform where pertinent institutional and student data is stored.
Dropsuite’s automated backup and archiving system can easily be set up, even for schools with a tight budget. Dropsuite provides industry-leading backup and recovery solutions for a very low cost-per-seat license, coupled with military-grade encryption that ensures data security both in transit and at rest.
Learn more about how Dropsuite can protect your school district or institution now. Contact our experts here.