Research

Education Does 'Worst' Job at Cybersecurity

• By Dian Schaffhauser
• 01/28/19

Education as a business does the worst job of cybersecurity compared to nearly all other major segments. The segment performed particularly poorly in three areas: maintaining patches on systems, securing applications and securing the network as a whole.

That's a problem, according to SecurityScorecard, a company that performs security ratings on IT infrastructure risks and benchmarks the threat data for various industries. For the education segment, the company analyzed 2,393 organizations with a footprint of at least 100 IP addresses between April and October 2018. Out of 17 industries evaluated, education came in "second to last in terms of total cybersecurity."

Among the data at risk: names, addresses, Social Security Numbers, test scores and behavioral assessments. The use of software-as-a-service by schools doesn't protect them. As the report noted, the growth in usage of computer-based assessments for learning also poses "extra privacy and cybersecurity concerns," because they collect information that can be used to identify students. Even dashboards "pose security risks" because of the increased number of people who have access to the data, especially in large districts.

The findings, according to a brief report issued on the subject, "show that although hackers have become increasingly deft at stealing school and student data, the education industry is no better prepared to deal with these malicious threats."

The report is available with registration on the SecurityScorecard website.