Protecting Student Information

Heading back to school conjures a mix of emotions. For students, it’s the end of summer. No more carefree, agenda-less days. For parents, it’s a roller coaster ride. There’s a sense of relief mingled with sadness. The kids are, after all, one year older.

Teachers are ready to plunge into work. Coaches are ready to get back to training and games. Practically everyone is ready for cooler weather.

But there’s another, more sinister group that’s also excited. They aren’t enrolled in any classes, but they’re ready to school educators in all kinds of malicious ways.

They are cyber criminals, and they have their sights set on student information.


According to the Verizon 2017 Data Breach Investigations Report, cyber espionage is the single most common form of attack in the education sector. The Verizon DBIR actually refers to this as “the long game.” In essence, it’s all about stealing sensitive student information.

Here’s how it works.

Cyber criminals find a way into a school’s system. Once they have access, they lay low, gathering student information slowly over time. As Forbes points out, student information can include some important data like “social security numbers, student ID numbers, and dates of birth.”

That’s pretty much everything needed for identity theft.


Of course, that strategy hinges on some kind of access. Without access to a school’s network, cyber criminals have no way to get their grubby little hands on student information in the first place. They need a way in.

A whopping 91% of all cyber attacks begin in the form of a phishing email. Given the success rate for phishing, it’s little wonder. 30% of the time, users actually open phishing emails. That’s all it takes, and your institution’s student information is at risk.

If you want to protect student information, it’s imperative that you keep your guard up against phishing.


Here’s the good news: phishing only works if the user opens the email. The bad news, of course, is that far too many fall for this clever method of attack.

After all, it’s just an email. We get dozens of them daily. How dangerous could it be?

The single most important thing you can do to protect your school’s student information is educate staff about the dangers of phishing attacks. Stopping phishing is as easy as following three basic rules.

1. Know what you’re clicking on.

Never open an email or click on any link unless you trust the sender and know where the link is taking you. No exceptions.

2. Pop-ups are annoying . . . and possibly dangerous.

No one likes pop-ups. Except cyber criminals. They love them because they evoke curiosity. Before you click on a pop-up, see rule #1.

3. Social media is dangerous, too.

Phishing attacks have moved beyond email. Last year saw a rise in social media based phishing attacks by approximately 500%. Be just as cautious on Facebook as you are in your inbox.


You have to keep student records in order to do your job. And you have to protect those same records in order to keep your students safe. That means getting serious about fighting phishing.

The key is educating and training your staff. And if you need some assistance in that arena, Akins IT can help.

We’d be happy to walk you through the process of assessing your institution’s current security solution. If we find vulnerabilities, we’ll make recommendations to ensure every single piece of student information is safe. That includes training your staff.

If we can help, please feel free to get in touch with us today.