When you send your precious 5 year old off to Kindergarten this year, not only do you need to worry about bullying, drugs and homework, now add hacking their personal identifiable information (PII) to the list.
We’ve read or experienced cyber-attacks on our banks, retail shops, hospitals and healthcare, and now education is the next target.
Why is education the next target?
In the August 30, 2016 Identity Theft Report Center report, reported educational breaches (private or public pre-school through university level) ranks #3 for breach categories.
The majority of breaches do not have the number of exposed records identified yet, so don’t be surprised to see education move to #2 on the list when the forensics and reporting is done.
K-12; Innocents, Identity and Information
Most K-12 schools have little or no real data protection from outside or inside attacks. This makes them an easy target. The fact that schools and districts house both PII including name, address, social security numbers, along with medical/healthcare information makes them a lucrative target for selling this information (read, What’s my Information Worth on the Dark Web).
“A child's Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live,” says the Federal Trade Commission.
It’s hard to detect an identity theft crime on children. It’s not on most parents check lists to “check for fraud.” What’s worse is that the fraud can last for decades before it’s detected. According to the Identity Theft Resource Center:
“Even if the matter gets resolved, it can mean your child will be burdened with a black mark on his credit that he’ll have to explain at every turn, and can even mean his first real credit card may carry a punitively high interest rate.”
In 2003, identity theft for children was 35 times that of adults, 15% of the thefts were on children younger than 5 years old. One 19 year old found out that she had over $1 million in fraud committed against her starting at the age of nine. Imagine what it is now!
Graduating on to University Hacking
At the college and university level, cyber security takes on several different directions. There is still the vast storage of thousands of current student records that include financial and healthcare information. On top of this, think of the historical data on file - often still on paper, housed in unsecured offices and warehouses containing past student records.
Additionally, for research institutions hacking may have a higher payoff of gaining access to confidential and proprietary research. However, most research institutions, do have physical and cyber security barriers in place to deter this.
It’s not a surprise that recent studies show that Universities and Colleges are moving to the #2 target.
What is the Solution for Parents and Students?
While you can do little about your children’s personal and medical information that schools have, you can monitor it through credit reports. The sooner you find a fraud attack, the faster and cheaper it is to stop and recover.
What is the Solution for IT, InfoSec Pros?
Just like all businesses today, protect everywhere. Realize you're not going to stop mobile, Cloud and BYOD; it's time to create a plan to protect the external and internal threats.
IT's time education Invests in education --- for the IT team.
Consider a contract with Managed Service Security Provider (MSSP) that can monitor and detect threats 24/7/365 and has the latest tools along with a highly trained cyber security team.
Know your baseline traffic, by knowing what’s ‘normal’ anomalies can be detected and researched.Start learning how to measure your baseline traffic today. Download Tim O’Neill’s free white paper, How to See Your Baseline Traffic.