Cybersecurity in Education

Improving cybersecurity is a top priority for organizations across all industries but is especially important in the education sector to help safeguard student and faculty privacy.

Cybersecurity Takeaways

  • Cyberattacks not only compromise the safety and security of teachers and school administrations, but also the privacy of students in K–12 and higher education.

  • Some state laws regulate student privacy and data protection in K–12 schools. But in higher education, students have to think about keeping their personal data safe and how their school can help protect them from cyberattacks.

  • Security hygiene is especially important for younger students who are learning how to be safe online. This is why it’s important to have a device with robust hardware-based security features.

author-image

By

Why Is Cybersecurity Important in Education?

Cybersecurity is crucial in any business setting, but especially in education. Cyberattacks not only compromise the safety and security of teachers and school administrations, but also the privacy of students—particularly minors in K–12 institutions. Today millions of students are learning through technology in hybrid, remote, or in-class environments, which is why keeping their devices secure is paramount for students’ learning experiences and teachers’ work.

Common Cyber Incidents

The educational sector saw an incredible rise in cyberattacks during the COVID-19 pandemic as more and more people started using connected devices for school. K–12 schools endured a variety of incidents, from ransomware to data breaches to phishing.1 

Note: “Other” includes malware, meeting invasions, and website and social media defacement.

These additional statistics only brush the surface on why cybersecurity is so important in education.

  • One in three education devices contains sensitive data.2
  • In a study of 5,400 IT decision-makers across 30 countries, education sectors are the most likely to admit security weaknesses.3
  • 44% of IT managers in the education sector experienced a ransomware attack. This is the highest level of attack compared to a variety of other industries such as healthcare, IT, and local government.3
  • 87% of educational establishments have experienced at least one attack.4
  • Among all industries, the education sector is one of the least secure, and schools are the second most lucrative target for ransomware.4

Cybersecurity in K–12 and Higher Education

Cybersecurity varies slightly between K–12 and higher education but is equally important. Keeping student information secure is especially vital for those under the age of 18 in K–12 institutions. While the Family Educational Rights and Privacy Act (FERPA) of 1974 protects student records, it doesn’t require K–12 schools to adopt specific security protocols. Some states have individual laws that protect students online, like the Student Online Personal Information Protection Act (SOPIPA) in the United States,5 but these laws aren’t enforced at a federal level, often leaving an individual school district’s IT staff to protect student and teacher data and privacy.

In higher education, students and faculty usually bring their own devices, which require additional security and individual due diligence. Students and faculty have to not only think about keeping their personal data safe, but feel confident in their institution keeping their privacy secure as well. This is also especially important for students and teachers who travel around campus and get their work done on and off campus, like in off-site research labs.

How to Increase Safety

There are a few ways IT professionals in education can protect students from cybercriminals. For younger students, having good security hygiene can help keep them safe from a cyberattack. However, being able to spot scams can only help protect students so much, which is why IT staff should look into using devices with hardware-based security features or even adopting a Device as a Service (DaaS) management system.

Proper Security Hygiene

Most adult users know not to click a suspicious link or put an unfamiliar USB flash drive into their devices, but younger students don’t always know better. Teaching younger students about cyber risks at an early age can lower their chances of getting attacked or hacked by a cybercriminal. Intel IT Information Security created the Online Safety for Kids program with this in mind. The program aims to encourage kids to learn about cyber risks with presentations, parent information, and quizzes that are appropriate for any students from age five and up.

Hardware-Based Security

Most industries—education included—rely on security software to protect themselves and their assets, but a hacker can also exploit vulnerabilities below the operating system (OS). Hardware-based security not only protects devices at the software level, but it also helps prevent malware injections below the OS. Hardware-based security shrinks the attack surface, which is any vector that an attacker can use to gain access to or compromise data. With hardware-based security severely limiting or eliminating the options for a potential attack, if a student accidentally clicks a bad link, their chances of staying protected increase.

The Intel vPro® platform offers several exclusive hardware-based security features like Intel® Active Management Technology (Intel® AMT) with Intel® Endpoint Management Assistant and Intel® Threat Detection Technology. These advanced, full-stack security features can help protect end user devices, data, and productivity, giving students, teachers, and IT staff peace of mind.

Device as a Service (DaaS)

IT staff know that technology is meant to act as an enabler of learning rather than a barrier, and DaaS solutions enabled by Intel vPro® can do exactly that. With DaaS, a third-party solution provider equips schools with all the end user devices they need, packaged with full remote device management and technical support. And with the Intel vPro® platform, DaaS customers get advanced hardware-based security with Intel® Hardware Shield. This frees up resources for the school’s IT staff, so they can focus on digital transformation projects that enable rich learning environments.

Intelligent Desktop Virtualization

Intelligent desktop virtualization (IDV) is a newer model for delivering virtualized computing environments, allowing IT to support the same number of end users while reducing the number of devices deployed. In an education setting, IT staff can cost-effectively support multiple PCs in a computer lab environment and benefit from centralized management on a back-end server. With less data in transit across the internet, schools can help reduce risk and exposure to cyberattacks.

ข้อมูลผลิตภัณฑ์และประสิทธิภาพ

1The State of K–12 Cybersecurity: 2020 Year in Review,” Douglas A. Levin, K–12 Cybersecurity Resource Center and the K12 Security Information Exchange, March 2021. https://k12cybersecure.com/wp-content/uploads/2021/03/StateofK12Cybersecurity-2020.pdf
2“Three key trends impacting K–12 IT and security,” absolute.com, date of access: October 2021. https://www.absolute.com/go/reports/endpoint-risk-report-education/
4“Cybersecurity in Education and Research Institutions,” StealthLabs, date of access: October 2021. https://www.stealthlabs.com/industries/education-research-institutions/
5“Privacy Bills by State Chart,” Parent Coalition for Student Privacy, January 2019. https://studentprivacymatters.org/1908-2/