Why Is Cybersecurity Important in Education?
Cybersecurity is crucial in any business setting, but especially in education. Cyberattacks not only compromise the safety and security of teachers and school administrations, but also the privacy of students—particularly minors in K–12 institutions. Today millions of students are learning through technology in hybrid, remote, or in-class environments, which is why keeping their devices secure is paramount for students’ learning experiences and teachers’ work.
Common Cyber Incidents
The educational sector saw an incredible rise in cyberattacks during the COVID-19 pandemic as more and more people started using connected devices for school. K–12 schools endured a variety of incidents, from ransomware to data breaches to phishing.1
Note: “Other” includes malware, meeting invasions, and website and social media defacement.
These additional statistics only brush the surface on why cybersecurity is so important in education.
- One in three education devices contains sensitive data.2
- In a study of 5,400 IT decision-makers across 30 countries, education sectors are the most likely to admit security weaknesses.3
- 44% of IT managers in the education sector experienced a ransomware attack. This is the highest level of attack compared to a variety of other industries such as healthcare, IT, and local government.3
- 87% of educational establishments have experienced at least one attack.4
- Among all industries, the education sector is one of the least secure, and schools are the second most lucrative target for ransomware.4
Cybersecurity in K–12 and Higher Education
Cybersecurity varies slightly between K–12 and higher education but is equally important. Keeping student information secure is especially vital for those under the age of 18 in K–12 institutions. While the Family Educational Rights and Privacy Act (FERPA) of 1974 protects student records, it doesn’t require K–12 schools to adopt specific security protocols. Some states have individual laws that protect students online, like the Student Online Personal Information Protection Act (SOPIPA) in the United States,5 but these laws aren’t enforced at a federal level, often leaving an individual school district’s IT staff to protect student and teacher data and privacy.
In higher education, students and faculty usually bring their own devices, which require additional security and individual due diligence. Students and faculty have to not only think about keeping their personal data safe, but feel confident in their institution keeping their privacy secure as well. This is also especially important for students and teachers who travel around campus and get their work done on and off campus, like in off-site research labs.
How to Increase Safety
There are a few ways IT professionals in education can protect students from cybercriminals. For younger students, having good security hygiene can help keep them safe from a cyberattack. However, being able to spot scams can only help protect students so much, which is why IT staff should look into using devices with hardware-based security features or even adopting a Device as a Service (DaaS) management system.