Insight

Data Breach Defense for Educational Institutions

Data Breach Defense for Educational Institutions

S. Wilson Quick

S. Wilson Quick

June 17, 2021 09:29 AM

The past 15 months have been extremely challenging for every industry, but that is especially true of educational institutions. Every level of education—from local school districts to the largest universities—has had to work to balance the safety of students, faculty and staff with their mission to provide high-quality education all the while knowing that every decision would be highly scrutinized and criticized. During this time of turmoil and uncertainty, many schools faced a challenge they were not expecting – a cyber attack.

Schools collect all sorts of personal and sensitive information about students and parents, making them prime targets for a security breach. In 2020, there were 408 publicly-disclosed data breaches or security attacks in K-12 schools, including student and staff data breaches, ransomware and other malware outbreaks, phishing attacks and a wide variety of other incidents, according to the nonprofit K-12 Cybersecurity Resource Center. This is an 18% increase over 2019. This data does not include cyber attacks at any institutions of higher education, but they are no less susceptible.

As the threat of COVID begins to lift, educational institutions need to shift more of their focus to applying the same preparation and planning as they did for the pandemic to defend against a cyber attack.

What are some steps educational institutions can take to minimize their risk?

There are a number of things that educational institutions can do to help limit their exposure to a cyber attack. First, schools — especially colleges and universities where there are more likely to be thousands of personal laptops, mobile phones, tablets and other devices connected to the network — should create, implement and enforce BYOD (bring your own device) policies that address everything from operating system updates to requirements for antivirus and other malware protection (pro-tip: offering free anti-virus software to all users on the system can go a long way in both encouraging and enhancing protection).

Educational institutions should also look into network segmentation if they have not done so already. This way if a cyber attack impacts one part of the network, it may not necessarily impact the whole network. For example, a college could segment the network so that if a hacker was able to access student housing records, the attacker would have no way of accessing student academic or health records.

It’s also important to make sure schools are allocating resources, including personnel, to focus on this issue. For the past year, many schools have understandably shifted their IT spending and employees to focus on expanding their remote learning capabilities. As the world is starting to return to normal, educational institutions need to reallocate at least some of those resources back to protecting from cyber attacks.

As schools examine their resources, they should also take a look at all of their vendor contracts related to IT services or online products. As an example, more schools are turning to third-party “cloud” solutions for data storage and software. While cloud storage has many security advantages, not all providers are created equal, especially when it comes to responding to a security incident. Review contracts to see who is held liable should there be a breach related to a vendor or service and consider renegotiating contracts if needed to limit exposure.

What should an educational institution do if it has been hacked or suspects a cyber attack?

The first thing a school should do is consult its incident response plan. Of course, this presupposes one exists! So, before a school even gets to this point it should develop a robust incident response plan with the help of qualified legal counsel. The benefits of having a plan in place before an incident are substantial. For example, the time-savings and comfort of knowing there are qualified professionals on call to assist can really help make a stressful situation more palatable.

In the event an incident response plan is not in place, consult an attorney who has experience serving as a breach coach and who understands data privacy issues and reporting obligations. While most schools are aware of their privacy obligations under the Family Educational Rights and Privacy Act (FERPA), data breaches that release potentially sensitive information, such as Social Security numbers, have their own legal reporting requirements. For colleges and universities that have students from other states, and even possibly from other countries, reporting gets even more complex as they may be required to meet the legal requirements from every state and country where students live.

Schools should also consider involving law enforcement early in the process—though this decision should be made in conjunction with qualified counsel. Larger jurisdictions sometimes have resources who can help investigate the cause of a data breach. The FBI also has experts who specialize in this kind of work that can be brought in to help with the investigation—especially where there is ransomware involved.

While any online connectivity bears some risk, taking the appropriate steps can minimize an educational institution’s risk of a cyber attack and limit their legal exposure should one occur.

Related Articles

Tampa Hospital Suffers Recent Data Breach


by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

Current State of EU to U.S. Data Transfers


by Gregory Sirico

The Biden Administration and European Commission recently came to a principle political agreement concerning the ever-changing future of EU to U.S. data transfers.

New Framework for EU and U.S. Data Transfers

Privacy Practice


by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data Protection Prompt New Privacy Laws

Announcing the 7th Annual Women in the Law Publication


by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Honoring Female Lawyers in the United States

What the Courts Say About Recording in the Classroom


by Christina Henagen Peer and Peter Zawadski

Students and parents are increasingly asking to use audio devices to record what's being said in the classroom. But is it legal? A recent ruling offer gives the answer to a question confusing parents and administrators alike.

Is It Legal for Students to Record Teachers?

Getting Schooled


by Janice Zhou

Public-education policy is fraught throughout the United States, and Texas is certainly no different. Two leading education lawyers weigh in on accountability, resource inequities, and why “teaching to the test” has been a bad deal for kids.

Public Education Issues and Reform

A Sea Change on Land


by Linda A. Klein and Suneel Gupta

Autonomous vehicles will revolutionize almost every area of the law. Here’s a look at what’s rapidly approaching.

Legal Considerations for Autonomous Vehicles

In the News: Texas 2019


by Best Lawyers

A roundup of relevant news from lawyers listed in Texas.

Legal News Roundup Texas

A Startup Accelerator Program Sets Cuatrecasas Apart


by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Cuatrecasas "Law Firm of the Year"

How Do I Protect My Child From Online Predators?


by Kelly L. Frey Sr.

New technologies open up new ways for children to be exploited online. The Children’s Online Privacy Protection Act offers a solution.

What COPPA Means for Your Child

Into the Breach


by John Ettorre

Data breaches have become inevitable. Here’s what you can do to respond.

Data Breaches

Recent Developments on Privacy and Data Protection in Brazil


by Ricardo Barretto Ferreira da Silva and Camila Taliberti Ribeiro da Silva

A change of paradigm is urgent and requires a robust legislation on personal data protection.

Privacy and Data Protection Brazil

The Future of Data Privacy: You Can Run but You Can’t Hide (or Can You?)


by Chad W. King

In Ernest Cline’s dystopian novel "Ready Player One," the world’s population is addicted to a virtual reality game called the OASIS.

The Future of Data Privacy

My Data My Rules: An Overview of Data Protection in Brazil


by Fábio Pereira

My Data My Rules

The European Regulation on Data Protection and Brexit


by Anna Viladàs Jené

After many years of negotiations, on 27 April 2016, the European Regulation concerning the protection of individuals in respect of the processing of personal data and the free movement of this data (hereafter, “the Regulation”), has finally seen the light of day.

Brexit Data Protection

Cyber School


by Elizabeth S. Fitch and Theodore M. Schaer

Cybersecurity and the Claims and Litigation Management Alliance’s School of Cyber Claims

Cyber School

Trending Articles

The 2024 Best Lawyers in Spain™


by Best Lawyers

Best Lawyers is honored to announce the 16th edition of The Best Lawyers in Spain™ and the third edition of Best Lawyers: Ones to Watch in Spain™ for 2024.

Tall buildings and rushing traffic against clouds and sun in sky

Announcing The Best Lawyers in South Africa™ 2024


by Best Lawyers

Best Lawyers is excited to announce the landmark 15th edition of The Best Lawyers in South Africa™ for 2024, including the exclusive "Law Firm of the Year" awards.

Sky view of South Africa town and waterways

The Best Lawyers in Spain™ 2023


by Best Lawyers

Announcing Spain's recognized lawyers for 2023.

Flag of Spain

The Best Lawyers in Portugal™ 2024


by Best Lawyers

The 2024 awards for Portugal include the 14th edition of The Best Lawyers in Portugal™ and 2nd edition of Best Lawyers: Ones to Watch in Portugal™.

City and beach with green water and blue sky

Announcing the 2023 The Best Lawyers in America Honorees


by Best Lawyers

Only the top 5.3% of all practicing lawyers in the U.S. were selected by their peers for inclusion in the 29th edition of The Best Lawyers in America®.

Gold strings and dots connecting to form US map

Best Lawyers Expands Chilean 2024 Awards


by Best Lawyers

Best Lawyers is pleased to announce the 14th edition of The Best Lawyers in Chile™ and the inaugural edition of Best Lawyers: Ones to Watch in Chile™, honoring the top lawyers and firms conferred on by their Chilean peers.

Landscape of city in Chile

The Best Lawyers in South Africa™ 2023


by Best Lawyers

Best Lawyers proudly announces lawyers recognized in South Africa for 2023.

South African flag

Best Lawyers Expands 2024 Brazilian Awards


by Best Lawyers

Best Lawyers is honored to announce the 14th edition of The Best Lawyers in Brazil™ and the first edition of Best Lawyers: Ones to Watch in Brazil™.

Image of Brazil city and water from sky

The 2023 Best Lawyers in Portugal™


by Best Lawyers

Announcing the elite group of lawyers recognized in Portugal for 2023.

Green and red Portuguese flag

The Best Lawyers in Peru™ 2024


by Best Lawyers

Best Lawyers is excited to announce the landmark 10th edition of The Best Lawyers in Peru, the prestigious award recognizing the country's lop legal talent.

Landscape of Peru city with cliffside and ocean

Best Lawyers: Ones to Watch in America for 2023


by Best Lawyers

The third edition of Best Lawyers: Ones to Watch in America™ highlights the legal talent of lawyers who have been in practice less than 10 years.

Three arrows made of lines and dots on blue background

The Best Lawyers in Mexico Celebrates a Milestone Year


by Best Lawyers

Best Lawyers is excited to announce the 15th edition of The Best Lawyers in Mexico™ and the second edition of Best Lawyers: Ones to Watch in Mexico™ for 2024.

Sky view of Mexico city scape

2021 Best Lawyers: The Global Issue


by Best Lawyers

The 2021 Global Issue features top legal talent from the most recent editions of Best Lawyers and Best Lawyers: Ones to Watch worldwide.

2021 Best Lawyers: The Global Issue

What the Courts Say About Recording in the Classroom


by Christina Henagen Peer and Peter Zawadski

Students and parents are increasingly asking to use audio devices to record what's being said in the classroom. But is it legal? A recent ruling offer gives the answer to a question confusing parents and administrators alike.

Is It Legal for Students to Record Teachers?

Announcing the 2024 Best Lawyers in Puerto Rico™


by Best Lawyers

Best Lawyers is proud to announce the 11th edition of The Best Lawyers in Puerto Rico™, honoring the top lawyers and firms across the country for 2024.

View of Puerto Rico city from the ocean

IN PARTNERSHIP

Making an Impact


by John Fields

Morelli Law Firm has changed countless lives through its transformative results.

Three men in suits against New York skyline