Student Data Breach Danger Also Impacts Businesses

Student data breach danger brings unexpected cybersecurity hazards to every business

---

Not many schools were ready for the sudden shift to distance learning that came in the wake of the global pandemic. Not only did it create a mad scramble for equipment, software, and cloud-based services, it required schools to digitally collect and handle a great deal of information about students and parents that they weren’t prepared to safely store –  and that creates student data breach danger that affects families and businesses. 

Cybersecurity Isn’t in the Curriculum

K – 12 schools traditionally don’t pay much attention to cybersecurity, either in the way that they store student data or in security awareness training for teachers and students. That’s because they’re both chronically short on funding and historically not really a target for cybercrime. Universities have been a more likely target for bad actors, especially universities with prominent medical and technology research programs, and tend to have commensurately better cybersecurity. 

But no one was prepared for COVID-19. The transition to online learning has been a goldmine for cybercriminals.  A recent spate of ransomware attacks, including a devastating attack on COVID-19 research at the University of California San Francisco, has shown cybercriminals that they can score some big paydays from institutions that have valuable data and less effective cybersecurity than many businesses – in this case, not only were the thieves able to steal general and student data plus score a $1.14 million ransom, they were also able to snatch valuable COVID-19 research data that sells for a pretty penny in Dark Web data markets. 

---

Mark School Cybersecurity Plans Incomplete 

---

This deficiency is leading to a cascade of cybersecurity incidents involving student and parent information that can impact businesses now and in the future. Poor cybersecurity in education means that reams of new student and parent data is being dumped every day on the Dark Web from data breaches at individual public and private schools, testing centers, school district offices, college bookstores, even student athletics agencies.

Everyone’s Being Graded on the Same Curve 

So, why should this be a concern for businesses – how does a data breach at a middle school endanger a company’s data and systems?  A sudden influx of new personal information and stolen credentials helps make cyberattacks stronger and more accurate. Personal information isn’t any less damaging when it’s stolen from an elementary school instead of a business services vendor – it’s still a third party data breach that can impact a business because it adds fuel to cybercrimes that can target businesses that are driven by information on the Dark Web like:

• Spear Phishing – Personal information, especially unique, detailed personal information, is great fuel for spear phishing attacks – and phishing attacks have increased by more than 600% since the start of the pandemic.  
• Credential Stuffing – More available passwords and logins give cybercriminals more ammunition to use as they throw possible usernames and passwords at your security in credential stuffing attacks – in the media sector alone there’s been a 63% increase in credential stuffing in the first half of 2020. 
• Password Cracking – A larger population of available passwords allows cybercriminals to improve password cracking software and gives them a bigger pool to draw potential passwords from when trying to access highly privileged accounts – because 65% of us reuse the same password across multiple sites for “convenience”. 

---

Become the Teacher’s Pet 

---

Go to the head of the class when you add three cybersecurity essentials that help defend your company against cybercrimes driven by Dark Web activity (which has dramatically increased since the start of 2020).

Introduction to Securing Identity and Access Management– If you don’t already have multifactor authentication in place, what are you waiting for? Password sharing and recycling is a major danger to any business. Add the powerful protection of Passly to your security stack to add a crucial extra layer of protection between bad actors and your data, to guard against potentially cracked passwords, successful phishing attempts, and credential stuffing attacks with one easy, affordable solution. 

Monitoring Staff Credentials 101– The best way to stop an attack that’s fueled by data stolen in a student data breach, or an incident at any third party vendor, is to monitor your staff’s login credentials for compromise with Dark Web ID. Over 65% of the information that’s on the Dark Web today could damage businesses and more is flooding in daily. Get 24/7/365 human and machine intelligence on your side to look for your staff’s credentials in Dark Web Markets and alert you if they appear.

Honors Phishing Resistance – 90% of incidents that end in a data breach start with a phishing email. Train staffers to spot and stop phishing emails with BullPhish ID. This dynamic training and testing solution includes everything companies need for anti-phishing campaigns, including over 80 plug-and-play phishing kits to deploy inside your organization for testing, plus engaging video lessons about phishing threats (including COVID-19 threats) and online quizzes to determine who needs more help.  

A student data breach isn’t just a danger to your business today, it’s also a danger to your business in the future. After all, you may be employing their parents right now, but in the future this era’s students with potentially compromised personal information will be knocking at your door as they become the next generation of the workforce.  

---

---