Hackers are increasingly targeting the education industry, leaving students’ information vulnerable to identity theft and other types of fraud.
Colleges, training providers and other private educational companies received more malicious emails than any other sector in the first quarter of 2019, according to Mimecast, an email and data security company.
“Education information is really sensitive, nice information for hackers to have,” said Michael Madon, senior vice president of threat intelligence at Mimecast. “It’s personal information, health information, financial information — it’s a microcosm of someone’s life.”
Thousands of students' private information was exposed when education software company Pearson experienced a cyberattack in July. Regis University in Colorado recently shut down its phones, emails and website following an “external malicious threat. ” Hackers in July disabled the technology systems at Monroe College in New York and demanded $2 million in bitcoin.
Byers Market Newsletter
Get breaking news and insider analysis on the rapidly changing world of media and technology right to your inbox.
One survey found that half of education-vendor websites lack adequate security measures.
Hackers know students are often using personal and financial data for the first time and haven’t yet learned how to guard it, experts say.
“The biggest data security issue in education is the administration and teachers, who email personal information constantly,” said Dorothy Haraminac, a certified fraud examiner.
In addition, she said, personal phones and laptops are allowed to connect to the same Wi-Fi network as a school and its teachers’ computers. “Thousands of compromised devices walk through the door every day,” Haraminac said.
Students should avoid clicking on links in emails, Haraminac said. And before they engage with any attachments, they should make sure the sender’s address matches the one in their contacts. They should also avoid providing sensitive information over the phone — unless they made the call.
“Most importantly, take the time to understand the risks,” Haraminac said.
“Very little cyber hygiene training is done for students, and less for teachers and administrators,” she added. “When I was a high school math teacher, we had one hour one day in a year to go over ‘Googling yourself.’”
Fortunately, some states have recently introduced bills to address student data privacy.