Education Industry at Higher Risk for IT Security Issues Due to Lack of Remote and Hybrid Work Policies

Survey data from IT security professionals in education highlights flexible cybersecurity policies and company culture as source of risk

Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives announced findings for the education sector from the Apricorn 2021 Global IT Security Survey.  According to the survey, the education industry has a greater risk for cybersecurity breaches and data loss than other industries due to limited IT security policies related to remote work, as well as a lack of concern about security threats from employees. In fact, 69.4% of respondents say employees at their organizations don’t think of themselves as targets that attackers can use to access data, compared to 37.5% in information technology (IT).

“Educational institutions house a significant amount of personal data about students including health information, social security numbers, and parents’ payment information, all of which is at risk,” said Kurt Markley, U.S. Managing Director, Apricorn. “Student data is a highly sought-after target for identity theft because it can go on undetected, leaving damaging results for children and families. It’s critical that educational institutions reevaluate their security practices regarding remote work. The remote learning of the past year–which expanded third-party app and device use–means organizations have to double-down on data security efforts now and into the fall semester.”

Recommended AI News: Tom Warden Joins CLARA Analytics As Chief Insurance And Science Officer

More than 400 respondents completed the survey which compares various industries’ cybersecurity policies in relation to remote and hybrid work. The education industry consistently lags behind other industries like manufacturing, healthcare, financial services and IT when it comes to implementing policies around data security and lost/stolen devices. Notably, only 26% of respondents in education agreed they have lost/stolen device policies in place compared to 55% in IT.

Many education institutions will be returning to in-person instruction in the Fall, however most survey respondents in the education sector (90.77%) stated a hybrid work-option exists. When asked about policies and procedures that have been put in place regarding transporting devices and data, organizations in education demonstrated a trend of allowing employee-choice when it comes to policy adherence.  More than half of organizations allow the use of personal USB devices and only 20% require encrypted hardware, compared to an average of 52% for other top industries.

Recommended AI News: Etherlite Is Giving ETL Tokens to Every ETH Wallet Holder; Biggest Airdrop Ever

“Utilizing data encryption and developing a culture of security is essential to mitigate cybersecurity risks in education,” added Markley. “The past year has shown us that students’ ability to learn is reliant on technology. With the plethora of third-party apps, virtual learning platforms and other digital tools being used by schools and educational institutions, administrators need to be sure student data is protected and that employees in the industry are educated about IT security risks and how to prevent them.”