When it comes to finding a one-stop shopping experience for a cyber-criminal, it's hard to find a better target than an educational institution.
What makes these organisations such an inviting target is that schools, both institutions of higher education and local school districts, hold in one place all the types of data prized by hackers: health care information, student and employee personally identifiable information (PII), research and even payment card data, according to a report by ESET researcher Lisa Myers.
The exact number of compromised records this has led to is not fully known.
“According to the Privacy Rights Clearinghouse, there were only 19 breaches in the education sector in 2016, comprising fewer than 65,000 records. But of these 19 breaches, 11 report an unknown number of records accessed, so their totals were not included,” Myers cited, noting that an additional 613,000 records were breached in five other incidents that were not included in the report.
This figure is likely to climb this year as, so far in 2017, dozens of educational institutions have been breached, primarily through W-2 phishing scams.
Although the W-2 attacks target worker tax PII, Myers noted that children are also high on cyber-criminals' target lists.
Myers listed a number of basic security steps educational organisations should take to secure the data with which they are entrusted, including updating installed software, segmenting networks, requiring stronger authentication and authorisation, and using encryption. But focusing on the human aspect of the equation may be the most important.
“With research showing that 52 percent of data breaches is a result of user error, it is important to make it mandatory for employees to take part in some sort of cyber education,” she wrote.
She also suggested that staffers need oversight and should be checked to see if they function in a safe manner and, if so, they should be rewarded.