Cybersecurity Risks in the Education Industry


By Chris Williams, Security+

IBM estimates that the average cost of a data breach in the education industry in 2021 was $3.9 million. For some institutions, this amount can be devastating. But there are ways to prepare for and prevent these attacks.

Why the Education Industry is a Hot Target

Schools and colleges hold a large amount of Personally Identifiable Information (PII) required for everyday operation, and cybercriminals want to get their hands on this kind of information. Educational institutions also often have limited resources for network security, along with the complex structures required to grant network access to faculty, staff, students and parents. This can make it difficult to identify vulnerabilities and catch bad actors who may have infiltrated the network.

In addition, there has been a steady increase in cyberattacks on schools amid the changes that have come with the shift to a more modern, hybrid tech-reliant learning environment. According to Emsisoft, 26 U.S. school districts and 24 higher learning institutions have been hit with ransomware so far in 2022.

How Educational Institutions Can Measure their Risk

Our team of IT professionals has identified 12 questions to help gauge your current security risk areas and assess your overall IT health. Most importantly, the results will provide tips to help you make actionable improvements now.

From data backups to your administrative protocols and password protection processes, this IT quiz will give you some quick wins to take back to your organization. Know how your security stacks up while learning best practices for optimum network stability, disaster recovery, and IT health.

IT Health Check

No matter where you land on the risk scale, sometimes you just need a second opinion. One set of questions can certainly provide a nice overview, but there’s no substitute for a comprehensive security assessment.

The Effects of Ransomware on Schools

Earlier this year, a school district in Albuquerque, New Mexico was forced to cancel school for almost a week due to a ransomware attack. The cybercriminal was able to compromise a database that was used to track attendance and emergency contacts for the students. This database also had the contact information for others who were authorized for student pickups.

The Los Angeles Unified School District, the second largest school district in the U.S., was recently hit with a ransomware attack that prompted mandatory password changes for 540,000 students and 70,000 district employees.

These types of attacks can happen due to phishing email scams, in which untrained users click on malicious emails that allow the attackers into the network. Phishing attacks are a risk for any organization, but the education industry in particular is at risk for these and other more complex threats — more so than many other industries.

Want to get ahead of these attacks and identify vulnerabilities in your systems?

How Do These Attacks Play Out?

If you peruse the headlines of cyberattacks in 2022, you will find that many attacks on schools were carried out by students and many by remote attackers. Students often already have access to the networks. Remote attackers often start by phishing a user on the network. In either scenario, the first step of the attack, gaining access, is easy.

To address this, network administrators must secure accounts so that each account can perform only the tasks it is assigned and nothing more. Administrators must also be alerted when someone tries to gain access to information or systems that they should not have permission to see.

The Consortium for School Network (CoSN) places cybersecurity and the privacy of student data as their top two priorities, but they believe that the risks are generally underestimated. The Center for Internet Security (CIS) estimates that cybersecurity attacks aimed at K-12 school systems could jump to as much as 86% in the coming academic year.

Active Directory Attacks on Educational Institutions

Active Directory (AD) stores information about objects in the network, including user accounts, servers, computers, data volumes, printers, etc. Active Directory Domain Services (AD DS) stores this information and makes it available to network users and administrators, providing a centralized directory for administering network security and network resources. Securing the domain is essential to the overall security and resilience of an organization.

After gaining access to a network, attackers turn to elevating their privileges in it. Normally the goal is to gain Admin privileges to Active Directory, which then provides total control over the Active Directory domain.

Some Active Directory vulnerabilities can be patched. However, many of the vulnerabilities that are exploited are due to misconfigurations of:

  • Administrator privileges settings
  • Group Policies
  • Services and Service accounts
  • Old, unused accounts, etc.
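
As an added illustration (not Eide Bailly's audit tooling), the PowerShell below flags three of these account-level misconfigurations: unused accounts, service accounts with admin rights, and admin passwords that never expire. The function name, the 90-day threshold and the sample records are assumptions; Group Policy settings are not covered.

```powershell
# Added example. Input objects need the properties Get-ADUser returns with
# -Properties LastLogonDate,PasswordNeverExpires,ServicePrincipalName,AdminCount
function Get-AccountFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int] $StaleDays = 90,          # assumed cutoff for "old, unused"
        [datetime] $Now = (Get-Date)
    )
    process {
        $findings = @()
        # AdminCount = 1: account is, or once was, in a protected admin group.
        # The flag is not cleared on removal, so confirm with group membership.
        $privileged = $Account.AdminCount -eq 1
        $hasSpn = @($Account.ServicePrincipalName | Where-Object { $_ }).Count -gt 0
        $idleDays = $null               # stays $null if the account never logged on
        if ($Account.LastLogonDate) {
            $idleDays = [int](($Now - $Account.LastLogonDate).TotalDays)
        }
        if ($Account.Enabled -and ($null -eq $idleDays -or $idleDays -gt $StaleDays)) {
            $findings += 'Enabled but unused'
        }
        if ($privileged -and $hasSpn) { $findings += 'Service account with admin rights' }
        if ($privileged -and $Account.PasswordNeverExpires) {
            $findings += 'Admin password never expires'
        }
        if ($findings) {
            [pscustomobject]@{ Account  = $Account.SamAccountName
                               IdleDays = $idleDays
                               Findings = $findings -join '; ' }
        }
    }
}

# Constructed sample records (not real accounts)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-sis-sync'; Enabled = $true; AdminCount = 1
        PasswordNeverExpires = $true; ServicePrincipalName = @('HTTP/sis.example.edu')
        LastLogonDate = [datetime]'2022-09-28' }
    [pscustomobject]@{ SamAccountName = 'jsmith-2019'; Enabled = $true; AdminCount = $null
        PasswordNeverExpires = $false; ServicePrincipalName = @()
        LastLogonDate = [datetime]'2020-03-10' }
    [pscustomobject]@{ SamAccountName = 'teacher01'; Enabled = $true; AdminCount = $null
        PasswordNeverExpires = $false; ServicePrincipalName = @()
        LastLogonDate = [datetime]'2022-09-30' }
)
$sample | Get-AccountFinding -Now ([datetime]'2022-10-01') | Format-Table -AutoSize
```

On a domain-joined machine with the ActiveDirectory module, the same function accepts live data piped from `Get-ADUser -Filter *` with the properties named in the first comment.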

Auditing Your AD Environment

Eide Bailly was contracted by a school district to conduct an audit of their AD environment. The district included over twenty-five schools with 14,000 students and 1,800 staff and faculty, and their user accounts totaled over 40,000. The district had recently experienced a major cyberattack and security breach that resulted in a loss of their network for several weeks.

After the district rebuilt their AD environment, they asked Eide Bailly to identify gaps between their current implementation and industry best practices. Our report provided the results of our assessment, including areas of concern in the current control environment along with recommendations for improvements and enhancements.

The results of our assessment included information gathered through an analysis of the organization’s business risks as they relate to information technology, a review of the design and operating effectiveness of the information technology internal control structures, and an evaluation of informal cybersecurity practices that the company had established.

How Can My Institution Mitigate Cyberattacks?

A proactive stance on cybersecurity can result in major savings for your district or institution. But this proactive approach doesn’t start with your IT department. A true culture of security begins at the top to align cybersecurity goals and business goals.

Educating your educators — as well as your students — on what to watch out for is key, as nearly 90% of breaches are a result of human error. With the right preparation and continued vigilance, you can help minimize the impact of this imminent threat.

Need help determining what a culture of security looks like for your institution? We’ve compiled an in-depth guide to cybersecurity.
