Incident Of The Week: Educational Infrastructures At Risk Of Invasive Breaches

May 15, 2020

On May 14, information was released about a security breach across the San Dieguito Union High School District (SDUHSD). The breach affected an undisclosed number of employee email accounts which included such personal information as names, addresses, social security numbers, login information, medical information, and more. Although it isn’t known precisely which information was stolen and if it has been used, SDUHSD is notifying those affected by mail and offering free credit monitoring.

In addition, SDUHSD is updating its current data system security measures and educating its employees on how to keep the information they are responsible for safe and private.

A Pre-Coronavirus Problem

Interestingly, a report put out by Netwrix two days prior highlights the growing data and security risks that educational organizations are vulnerable to during this time of COVID-19, distance learning, and an increase in cloud technology activity. A glaring admission contained in the report states that 54% of educational sector IT professionals are aware that district employees are compromising sensitive data by utilizing cloud apps unknown or unapproved by IT.

While it is not confirmed that the SDUHSD breaches fell within this category, the report highlights other grim statistics regarding student and staff data safety. Surprisingly, 82% of educational organizations track data sharing manually or not at all, and 50% experienced a data breach due to unauthorized data sharing in 2019.

COVID-19 Increases Data Incidents Due To Distance Learning

As educators are scrambling to create distance learning curriculum, they are being thrust into a world of technology that they are not all well-versed or trained in. Such a quick transition to online learning opens doors for malicious players and hackers to take advantage of this new vulnerable group.


Berkeley Unified and Oakland Unified, both in the San Francisco Bay Area, learned this the hard way last week when two data breaches occurred during virtual classroom meetings. Berkeley Unified has suspended Zoom and Google Meet after a man obtained the classroom meeting ID and password, exposed himself and spouted racial slurs before being removed from Zoom by the teacher.

School districts and teachers aren’t the only vulnerable group, however, as “Zoombombings” are dominating the headlines. Zoom offers tips and tricks and is ramping up its security efforts to keep its users safe, but ultimately it is up to the district to invest in measures beyond what virtual meeting platforms offer. This includes training, strong data policies, and a “back to basics” approach to IT security.

How To Keep Online Infrastructure Safe

Districts can keep their students and staff safe by ensuring all login information is secure. When states were ordered to move to online learning, many schools, in their haste and in order to reach parents and students in the most efficient way, posted login information on their websites or through mailers.


Steve Dickson, CEO at Netwrix, offers a three-pronged approach to ensuring student and data security. "First, they need to understand what sensitive data they have, and classify it by its level of sensitivity and value to the organization. Second, they need to ensure that the data is stored securely, prioritizing the most important data. And last, they need to adopt healthy security practices for granting permissions in order to avoid data overexposure."

The Netwrix report also found that only 8% of respondents have developed cybersecurity and risk KPIs to evaluate and track security success. For the foreseeable future, district learning and a cloud-based approach to education are here to stay. Districts must create a security structure that is akin to a more typical enterprise, up to and including the hiring of a CISO and other security operatives.

Read the original article and additional information at Cyber Security Hub