Building a Security Awareness Program in the Education Sector


There are few things as important to the professional development of people as the education sector. Despite this importance, the education sector is currently the industry most victimized by ransomware attacks and among the top three industries targeted by data breaching hackers. Using this revelation as a backdrop, it is clear that more focus needs to be placed on building security awareness programs in the education sector.

This article will address three points: How do we begin building security awareness concepts from within education? What are three steps required in the short term to promote security awareness in education? What does the future landscape of security awareness in education look like?

How Do We Begin Building Security Awareness Concepts From Within Education?

To begin to answer this question, we first need to look at the risk level of the industry and what areas are at most risk. Some food for thought:

  • A recent database breach of a major state university revealed 287,570 records of students, staff and faculty affiliated with the university
  • According to the 2017 Verizon Enterprises Data Breach Investigations report, 26% of higher education institutions had cyber-espionage present. This figure is significantly higher than the value given to human error
  • The education sector is the industry ranked #3 in the list of those most targeted for data breaches, with only the finance and healthcare industries being targeted at a higher rate
  • Each stolen or lost data record costs educational institutions approximately $246

This glaring lack of strong information security in the education sector is compounded by the information security weakness present in education sector employees and staff. In 2017, a State of Privacy and Security Awareness survey was offered to 1,011 employees in the education sector of the United States that exposed some concerning issues. Consider this (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: