Education industry ranks among top 5 in client data leaks - study

Education industry ranks among top 5 in client data leaks - study

Organisations operating in the education sector have leaked consumers’ data more than most other industries, according to an alarming new study.

The latest research by NordPass found that since late 2019, almost 520 education organisations have suffered data breaches during which various consumer data (e.g., email addresses, passwords, and usernames) was leaked. This places the education industry in fifth position among sectors with most client data leaks.

To conduct this study, NordPass partnered with independent third-party researchers who looked at which companies in the education and other industries in terms of their size, type, and origin are failing to secure consumers’ data the most.

Why schools are vulnerable targets

Tomas Smalakys, the CTO of NordPass said the education industry is particularly vulnerable to data leaks due to factors such as its vast size and the variety of data schools, universities and other educational institutions store.

“Additionally – and this is something we notice in a lot of industries – technology and cybersecurity is not at the forefront of the main challenges this sector faces,” Smalakys told The Educator. “The quality of teaching, students’ wellbeing, teachers’ wages and other things are more important than cybersecurity.”

When asked what measures principals can take to enhance their cybersecurity awareness, Smalakys said education is the most important element of cybersecurity.

“Talking about cybersecurity, understanding why data is important, why data breaches do happen, and what might be the consequences of it is a very good starting point. Most cybersecurity incidents happen not because of outdated systems or faulty technology - in fact, it happens because of human error,” he said.

“Therefore, even if your IT resources are limited, you can talk about the importance of making up a good password, which is the gatekeeper of our online world.”

Smalakys said this topic can even become entertaining if free online tools and resources are utilised, such as NordPass’ The most common passwords list.

“It’s a good idea to discuss why these passwords are poor, as well as check how quickly they can be cracked by bad actors.”

Where are your school’s weaknesses?

Smalakys highlighted the need for principals to assess their school’s cybersecurity needs to identify potential issues and determine where they might need to start.

“If the biggest worry is network security, I’d recommend starting there, or you might want to address the poor passwords that students and teachers are using. I recommend looking out for easy-to-use tools that will not overcomplicate daily life,” he said.

“Look out for the tools that are intuitive, easy to understand, and take user onboarding seriously. In addition to that, it’s a good idea to see what additional features a certain tool offers.”

Smalakys said an example of this might be looking out for biometrics access for the school’s password manager or storage solution, and seeing if the password manager will identify weak passwords.

“While industries face different challenges, solutions to them are usually more universal. Any organisations, be it schools or gas corporations, should start from the very basics – securing the network, accounts, and files,” he said.

“With these crucial cybersecurity elements improved, hackers’ chances to breach any organisation are lower. This holistic approach applies to organisations operating in the education field as well.”

Smalakys noted that there is a common misconception that cybersecurity is a complicated matter and cybersecurity tools could be adopted and implemented solely by tech-savvy people.

“The reality is different – many companies successfully invest in simplifying cybersecurity solutions so that both organisations and individuals can easily enhance their security online,” he said.

“Ensuring your passwords are strong and never reused for different accounts, going only for products that encrypt your data, replacing old devices, running system updates on time, and investing in network security could highly improve schools’ cyber resilience.”