Trident Blog

Data breaches in the private education sector

Nathan Wood - Wednesday, April 10, 2019
With the introduction of the notifiable data breach scheme in early 2018, data breaches are becoming a common headache for businesses in Australia. According to the Notifiable Data Breaches Quarterly Statistics Report, there have been 812 notifiable breaches since 2018. 62 of these have come from the private education sector, which is 7.6% of all reported data breaches. The number also seems to be rising, with the most recent quarter having 21 breaches, which is the education sectors largest breach statistic so far.  Between 1 October 2018 and 31 December 2018, of the 21 data breaches in the private education sector, 13 were due to human error, 7 through malicious or criminal attack and 1 through system fault.  

What exactly is causing the private educational system to have such a large number of data breaches? 

While a number of schools have teachers who understand IT and the accompanying security threats, schools do not generally have professional IT staff with a deep understanding of security issues. Last quarter, 33% of attacks came from human error and 64% malicious attacks. Here are some reasons Trident as identified which may be causing this;

  • Open networks to allow easy connectivity for staff, students and the wider school community are now commonplace on Australian school campuses. This can make them alluring targets for cybercriminals – especially since learning institutions possess sensitive personal and financial data for their many users.
  • When networks are open to allow easy connectivity, security can be lessened to enable a good end-user experience, which can provide an ideal environment for low-risk-high-reward cyberattacks
  • Modern cybersecurity threats are becoming more sophisticated and harder to identify. Researchers suggest it takes more 150 days to detect intruders to networks without leading edge solutions.
  • Schools are no longer 9am to 4pm environments. Network users with high-level credentials, such as school executives and senior staff, are often accessing data remotely via home internet connections - opening the door to user credential theft and data exposure outside the school’s network.
  • Staff have not been properly trained and educated in cybersecurity awareness, leaving staff to be more vulnerable towards phishing attacks and unintentional personal information leaks.

How can Schools protect themselves from data breaches?

With human error being a common theme in the data breach reports, schools can proactively reduce their risk of having to publicly notify data breach by training staff on cybersecurity to make sure they are educated potential security risks, phishing attacks and privacy compliance. Additionally, schools can further protect themselves by ensuring that their security systems are in check. 

To find out more about ways you can protect your business from data breaches, contact us or get in touch with your account manager. 

Source: OAIC  


Share this article on:
Share on LinkdIn Share on Twitter



Trackback Link
Post has no trackbacks.

Recent Posts