Data Breach Defense for Educational Institutions

S. Wilson Quick

June 17, 2021 09:29 AM

The past 15 months have been extremely challenging for every industry, but that is especially true of educational institutions. Every level of education—from local school districts to the largest universities—has had to work to balance the safety of students, faculty and staff with their mission to provide high-quality education, all the while knowing that every decision would be highly scrutinized and criticized. During this time of turmoil and uncertainty, many schools faced a challenge they were not expecting: a cyber attack.

Schools collect all sorts of personal and sensitive information about students and parents, making them prime targets for a security breach. In 2020, there were 408 publicly disclosed data breaches or security attacks in K-12 schools, including student and staff data breaches, ransomware and other malware outbreaks, phishing attacks and a wide variety of other incidents, according to the nonprofit K-12 Cybersecurity Resource Center. This is an 18% increase over 2019. This data does not include cyber attacks at any institutions of higher education, but they are no less susceptible.

As the threat of COVID begins to lift, educational institutions need to shift more of their focus to defending against a cyber attack, applying the same preparation and planning they brought to the pandemic.

What are some steps educational institutions can take to minimize their risk?

There are a number of things that educational institutions can do to help limit their exposure to a cyber attack. First, schools — especially colleges and universities where there are more likely to be thousands of personal laptops, mobile phones, tablets and other devices connected to the network — should create, implement and enforce BYOD (bring your own device) policies that address everything from operating system updates to requirements for antivirus and other malware protection (pro-tip: offering free antivirus software to all users on the system can go a long way in both encouraging and enhancing protection).

Educational institutions should also look into network segmentation if they have not done so already. This way if a cyber attack impacts one part of the network, it may not necessarily impact the whole network. For example, a college could segment the network so that if a hacker was able to access student housing records, the attacker would have no way of accessing student academic or health records.

It’s also important to make sure schools are allocating resources, including personnel, to focus on this issue. For the past year, many schools have understandably shifted their IT spending and employees to focus on expanding their remote learning capabilities. As the world is starting to return to normal, educational institutions need to reallocate at least some of those resources back to protecting against cyber attacks.

As schools examine their resources, they should also take a look at all of their vendor contracts related to IT services or online products. As an example, more schools are turning to third-party “cloud” solutions for data storage and software. While cloud storage has many security advantages, not all providers are created equal, especially when it comes to responding to a security incident. Review contracts to see who is held liable should there be a breach related to a vendor or service and consider renegotiating contracts if needed to limit exposure.

What should an educational institution do if it has been hacked or suspects a cyber attack?

The first thing a school should do is consult its incident response plan. Of course, this presupposes one exists! So, before a school even gets to this point it should develop a robust incident response plan with the help of qualified legal counsel. The benefits of having a plan in place before an incident are substantial. For example, the time-savings and comfort of knowing there are qualified professionals on call to assist can really help make a stressful situation more palatable.

In the event an incident response plan is not in place, consult an attorney who has experience serving as a breach coach and who understands data privacy issues and reporting obligations. While most schools are aware of their privacy obligations under the Family Educational Rights and Privacy Act (FERPA), data breaches that release potentially sensitive information, such as Social Security numbers, have their own legal reporting requirements. For colleges and universities that have students from other states, and even possibly from other countries, reporting gets even more complex as they may be required to meet the legal requirements from every state and country where students live.

Schools should also consider involving law enforcement early in the process—though this decision should be made in conjunction with qualified counsel. Larger jurisdictions sometimes have resources that can help investigate the cause of a data breach. The FBI also has experts specializing in this kind of work who can be brought in to help with the investigation—especially where there is ransomware involved.

While any online connectivity bears some risk, taking the appropriate steps can minimize an educational institution’s risk of a cyber attack and limit its legal exposure should one occur.
