Educational Organizations at Risk of Data Security Incidents during COVID-19 Pandemic

education k-12 responsive default security

May 12, 2020

Netwrix announced additional findings from its 2020 Data Risk & Security Report. The report reveals that many educational organizations are at risk of data security incidents during the current period of working from home and virtual learning.

According to the survey, even before the COVID-19 pandemic, the majority of educational organizations had weak data security controls. In particular, 54 percent of IT professionals in the educational sector confessed that employees put data at risk by sharing it via cloud apps outside of IT knowledge. This is the highest percentage among all verticals surveyed. The move to distance learning increases this risk even more.

Other notable findings of the report include:

82 percent of educational organizations don't track data sharing at all or do it manually, and 50 percent of them suffered a data breach due to unauthorized data sharing last year.
63 percent of educational organizations don't review permissions regularly, and 24 percent of system administrators admitted to granting direct access rights upon user request.
28 percent of respondents discovered data outside of secure locations, which is the highest number of all industries surveyed. This data was left exposed for days (40 percent) or months (33 percent).
Only 8 percent of respondents have developed cybersecurity and risk KPIs to evaluate their security posture and track success.

"Distance learning creates many challenges for educational organizations, and cybersecurity is often taking a back seat to operational resilience. The Netwrix survey shows that security processes were not ideal before the pandemic, leaving these institutions even more vulnerable to the growing number of cyber threats today. To ensure these institutions can secure their student and employee data, IT professionals need to get back to basics. First, they need to understand what sensitive data they have, and classify it by its level of sensitivity and value to the organization. Second, they need to ensure that the data is stored securely, prioritizing the most important data. And last, they need to adopt healthy security practices for granting permissions in order to avoid data overexposure," said Steve Dickson, CEO at Netwrix.

To get the complete findings of the 2020 Netwrix Data Risk & Security Report, please visit: https://www.netwrix.com/2020datariskandsecurityreport.html

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.