Best Lawyers logo
 
Insight

Data Breach Defense for Educational Institutions

Data Breach Defense for Educational Institutions

S. Wilson Quick

S. Wilson Quick

June 17, 2021 09:29 AM

The past 15 months have been extremely challenging for every industry, but that is especially true of educational institutions. Every level of education—from local school districts to the largest universities—has had to work to balance the safety of students, faculty and staff with their mission to provide high-quality education all the while knowing that every decision would be highly scrutinized and criticized. During this time of turmoil and uncertainty, many schools faced a challenge they were not expecting – a cyber attack.

Schools collect all sorts of personal and sensitive information about students and parents, making them prime targets for a security breach. In 2020, there were 408 publicly-disclosed data breaches or security attacks in K-12 schools, including student and staff data breaches, ransomware and other malware outbreaks, phishing attacks and a wide variety of other incidents, according to the nonprofit K-12 Cybersecurity Resource Center. This is an 18% increase over 2019. This data does not include cyber attacks at any institutions of higher education, but they are no less susceptible.

As the threat of COVID begins to lift, educational institutions need to shift more of their focus to applying the same preparation and planning as they did for the pandemic to defend against a cyber attack.

What are some steps educational institutions can take to minimize their risk?

There are a number of things that educational institutions can do to help limit their exposure to a cyber attack. First, schools — especially colleges and universities where there are more likely to be thousands of personal laptops, mobile phones, tablets and other devices connected to the network — should create, implement and enforce BYOD (bring your own device) policies that address everything from operating system updates to requirements for antivirus and other malware protection (pro-tip: offering free anti-virus software to all users on the system can go a long way in both encouraging and enhancing protection).

Educational institutions should also look into network segmentation if they have not done so already. This way if a cyber attack impacts one part of the network, it may not necessarily impact the whole network. For example, a college could segment the network so that if a hacker was able to access student housing records, the attacker would have no way of accessing student academic or health records.

It’s also important to make sure schools are allocating resources, including personnel, to focus on this issue. For the past year, many schools have understandably shifted their IT spending and employees to focus on expanding their remote learning capabilities. As the world is starting to return to normal, educational institutions need to reallocate at least some of those resources back to protecting from cyber attacks.

As schools examine their resources, they should also take a look at all of their vendor contracts related to IT services or online products. As an example, more schools are turning to third-party “cloud” solutions for data storage and software. While cloud storage has many security advantages, not all providers are created equal, especially when it comes to responding to a security incident. Review contracts to see who is held liable should there be a breach related to a vendor or service and consider renegotiating contracts if needed to limit exposure.

What should an educational institution do if it has been hacked or suspects a cyber attack?

The first thing a school should do is consult its incident response plan. Of course, this presupposes one exists! So, before a school even gets to this point it should develop a robust incident response plan with the help of qualified legal counsel. The benefits of having a plan in place before an incident are substantial. For example, the time-savings and comfort of knowing there are qualified professionals on call to assist can really help make a stressful situation more palatable.

In the event an incident response plan is not in place, consult an attorney who has experience serving as a breach coach and who understands data privacy issues and reporting obligations. While most schools are aware of their privacy obligations under the Family Educational Rights and Privacy Act (FERPA), data breaches that release potentially sensitive information, such as Social Security numbers, have their own legal reporting requirements. For colleges and universities that have students from other states, and even possibly from other countries, reporting gets even more complex as they may be required to meet the legal requirements from every state and country where students live.

Schools should also consider involving law enforcement early in the process—though this decision should be made in conjunction with qualified counsel. Larger jurisdictions sometimes have resources who can help investigate the cause of a data breach. The FBI also has experts who specialize in this kind of work that can be brought in to help with the investigation—especially where there is ransomware involved.

While any online connectivity bears some risk, taking the appropriate steps can minimize an educational institution’s risk of a cyber attack and limit their legal exposure should one occur.

Related Articles

Connecticut Attorney General Releases Status Update on Data Privacy Act

by Gregory Sirico

Connecticut's attorney general recently released a report on the current status of the Data Privacy Act, focusing in on some keys areas of enforcement.

Animated woman's face with code scattered everywhere

Tampa Hospital Suffers Recent Data Breach

by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

Current State of EU to U.S. Data Transfers

by Gregory Sirico

The Biden Administration and European Commission recently came to a principle political agreement concerning the ever-changing future of EU to U.S. data transfers.

New Framework for EU and U.S. Data Transfers

Privacy Practice

by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data Protection Prompt New Privacy Laws

Announcing the 7th Annual Women in the Law Publication

by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Honoring Female Lawyers in the United States

What the Courts Say About Recording in the Classroom

by Christina Henagen Peer and Peter Zawadski

Students and parents are increasingly asking to use audio devices to record what's being said in the classroom. But is it legal? A recent ruling offer gives the answer to a question confusing parents and administrators alike.

Is It Legal for Students to Record Teachers?

Getting Schooled

by Janice Zhou

Public-education policy is fraught throughout the United States, and Texas is certainly no different. Two leading education lawyers weigh in on accountability, resource inequities, and why “teaching to the test” has been a bad deal for kids.

Public Education Issues and Reform

A Sea Change on Land

by Linda A. Klein and Suneel Gupta

Autonomous vehicles will revolutionize almost every area of the law. Here’s a look at what’s rapidly approaching.

Legal Considerations for Autonomous Vehicles

In the News: Texas 2019

by Best Lawyers

A roundup of relevant news from lawyers listed in Texas.

Legal News Roundup Texas

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Cuatrecasas "Law Firm of the Year"

How Do I Protect My Child From Online Predators?

by Kelly L. Frey Sr.

New technologies open up new ways for children to be exploited online. The Children’s Online Privacy Protection Act offers a solution.

What COPPA Means for Your Child

Into the Breach

by John Ettorre

Data breaches have become inevitable. Here’s what you can do to respond.

Data Breaches

Recent Developments on Privacy and Data Protection in Brazil

by Ricardo Barretto Ferreira da Silva and Camila Taliberti Ribeiro da Silva

A change of paradigm is urgent and requires a robust legislation on personal data protection.

Privacy and Data Protection Brazil

The Future of Data Privacy: You Can Run but You Can’t Hide (or Can You?)

by Chad W. King

In Ernest Cline’s dystopian novel "Ready Player One," the world’s population is addicted to a virtual reality game called the OASIS.

The Future of Data Privacy

My Data My Rules: An Overview of Data Protection in Brazil

by Fábio Pereira

My Data My Rules

The European Regulation on Data Protection and Brexit

by Anna Viladàs Jené

After many years of negotiations, on 27 April 2016, the European Regulation concerning the protection of individuals in respect of the processing of personal data and the free movement of this data (hereafter, “the Regulation”), has finally seen the light of day.

Brexit Data Protection

Trending Articles

Presenting The Best Lawyers in Australia™ 2025

by Best Lawyers

Best Lawyers is proud to present The Best Lawyers in Australia for 2025, marking the 17th consecutive year of Best Lawyers awards in Australia.

Australia flag over outline of country

Legal Distinction on Display: 15th Edition of The Best Lawyers in France™

by Best Lawyers

The industry’s best lawyers and firms working in France are revealed in the newly released, comprehensive the 15th Edition of The Best Lawyers in France™.

French flag in front of country's outline

How To Find A Pro Bono Lawyer

by Best Lawyers

Best Lawyers dives into the vital role pro bono lawyers play in ensuring access to justice for all and the transformative impact they have on communities.

Hands joined around a table with phone, paper, pen and glasses

How Palworld Is Testing the Limits of Nintendo’s Legal Power

by Gregory Sirico

Many are calling the new game Palworld “Pokémon GO with guns,” noting the games striking similarities. Experts speculate how Nintendo could take legal action.

Animated figures with guns stand on top of creatures

Announcing The Best Lawyers in New Zealand™ 2025 Awards

by Best Lawyers

Best Lawyers is announcing the 16th edition of The Best Lawyers in New Zealand for 2025, including individual Best Lawyers and "Lawyer of the Year" awards.

New Zealand flag over image of country outline

Announcing the 13th Edition of Best Lawyers Rankings in the United Kingdom

by Best Lawyers

Best Lawyers is proud to announce the newest edition of legal rankings in the United Kingdom, marking the 13th consecutive edition of awards in the country.

British flag in front of country's outline

Announcing The Best Lawyers in Japan™ 2025

by Best Lawyers

For a milestone 15th edition, Best Lawyers is proud to announce The Best Lawyers in Japan.

Japan flag over outline of country

The Best Lawyers in Singapore™ 2025 Edition

by Best Lawyers

For 2025, Best Lawyers presents the most esteemed awards for lawyers and law firms in Singapore.

Singapore flag over outline of country

Announcing the 16th Edition of the Best Lawyers in Germany Rankings

by Best Lawyers

Best Lawyers announces the 16th edition of The Best Lawyers in Germany™, featuring a unique set of rankings that highlights Germany's top legal talent.

German flag in front of country's outline

How Much Is a Lawyer Consultation Fee?

by Best Lawyers

Best Lawyers breaks down the key differences between consultation and retainer fees when hiring an attorney, a crucial first step in the legal process.

Client consulting with lawyer wearing a suit

Celebrating Excellence in Law: 11th Edition of Best Lawyers in Italy™

by Best Lawyers

Best Lawyers announces the 11th edition of The Best Lawyers in Italy™, which features an elite list of awards showcasing Italy's current legal talent.

Italian flag in front of country's outline

Presenting the 2024 Best Lawyers Employment and Workers’ Compensation Legal Guide

by Best Lawyers

The 2024 Best Lawyers Employment and Workers' Compensation Legal Guide provides exclusive access to all Best Lawyers awards in related practice areas. Read below and explore the legal guide.

Illustration of several men and women in shades of orange and teal

Things to Do Before a Car Accident Happens to You

by Ellie Shaffer

In a car accident, certain things are beyond the point of no return, while some are well within an individual's control. Here's how to stay legally prepared.

Car dashcam recording street ahead

Combating Nuclear Verdicts: Empirically Supported Strategies to Deflate the Effects of Anchoring Bias

by Sloan L. Abernathy

Sometimes a verdict can be the difference between amicability and nuclear level developments. But what is anchoring bias and how can strategy combat this?

Lawyer speaking in courtroom with crowd and judge in the foreground

The Push and Pitfalls of New York’s Attempt to Expand Wrongful Death Recovery

by Elizabeth M. Midgley and V. Christopher Potenza

The New York State Legislature recently went about updating certain wrongful death provisions and how they can be carried out in the future. Here's the latest.

Red tape blocking off a section of street

Attacked From All Sides: What Is Happening in the World of Restrictive Covenants?

by Christine Bestor Townsend

One employment lawyer explains how companies can navigate challenges of federal and state governmental scrutiny on restrictive covenant agreements.

Illustration of two men pulling on string with blue door between them

We use cookies to enhance your experience. You can read our Cookie Policy to learn more.