Learning curve: Security awareness in education
In education the goal is twofold: to bestow knowledge and to protect the well-being of the student body. Unfortunately, as reports of data compromise in education continue to climb, security awareness gaps can betray that very interest.
According to the U.S. Department of Education, the Family Educational Rights and Privacy Act (FERPA) has been amended nine times since the law went into effect.
Additionally, as new laws come into play, such as GDPR on May 25, it’s difficult for schools to stay current with the changes and understand the dos and don’ts of these regulations.
Important Facts About PII and Education — Security Awareness Matters
- FERPA was passed by Congress to protect students and their Personally Identifiable Information (PII)
- Successful phishing attacks on educational institutions put student PII at risk
- For cybercriminals, PII is one of the most valuable assets on the dark web
- PII of a minor is an even more lucrative asset to obtain, as the theft can often go undetected for years, further exposing students as vulnerable targets
- Unlawful access to students’ PII puts their future at risk as well as their personal rights and safety
The Human Impact — Poor Security Hygiene Risks Breach
Verizon’s 2018 Data Breach Report estimated that of the breaches investigated featuring a social engineering component, 70 percent involved phishing scams. Transforming an administration into the trusted gatekeepers of your data begins with training and education. The key performance indicators to improve your staff’s security posture start with:
- Compliance with FERPA and other regulatory laws
- Communicating the repercussions of non-compliance
- Understanding the fundamentals of phishing scams
- Creating awareness as to why education is targeted by hackers
The Truth About Education and Social Engineering
Last year in the education sector, 44 percent of breaches were caused by social engineering attacks. Social engineering plays on human psychology, relying on the end user to overlook the scam indicators and unknowingly divulge private information. These missteps often put the institution in violation of FERPA and risk network breaches. Bundling a consistent compliance program with security awareness best practices results in a powerful plan of action to mitigate risk.
Why Social Engineering Is Prevalent in Education:
- Staff with little to no security awareness training have access to valuable student data
- Frequent interactions with the public and other education branches to grant PII requests are not uncommon
- Fundamental misunderstanding among staff of their contribution to their school’s security posture
- Phishing attacks happen to good people — most staff members working in education genuinely want to be helpful and prompt with requests, especially when pressured with “time-sensitive” matters for students
The Path to Compliance — Driving Change With a Personalized Program
Developing an awareness program with calculable ROI begins with assessment. Once you establish a baseline test of your learners’ susceptibility to phishing attacks, you can use Infosec IQ to build your program around the pain points and implement change.
Educators can attest that all students have different learning styles. The same holds true for security awareness training: it’s not one-size-fits-all. Moving the needle from non-compliance to healthy suspicion requires a shift in end-user behavior.
Infosec IQ: For Educators Program
Infosec IQ has designed an interactive awareness program specifically tailored for education. With customizable resources, you’ll provide a comprehensive training program seamlessly tied to meeting compliance needs and maximizing learner engagement. Turn your administration into security champions!
For Educators Program Includes:
- All student seats in your institution enroll with Infosec IQ FREE
- White glove program service from our Client Success Team
- A personalized workplan post-baseline risk assessment
- Industry-specific training modules and assessments from our For Educators Series
- FERPA training resources
- GDPR compliance kit
- Access to 1300+ Library Resources
- And more!
Students Also Hold the Torch of Security Responsibility
Infosec has been in education for over 20 years. Our core values are rooted in the importance of education. With Infosec IQ, we’ve developed coursework from our award-winning programs to implement an awareness program designed specifically for your students. Infosec IQ will teach them to become the guardians of their own data and help keep your network safe in the process.
The U.S. Department of Education estimates that the average public school student-to-teacher ratio is 16:1. With a student population 16 times larger than that of its staff, when it comes to security awareness, no child left behind!