The education sector has been identified as one that is the least well-protected against data security threats, despite the fact it is one of the most frequently targeted by criminals.
This is according to a study by Bitsight, which revealed that emerging threats such as ransomware are disproportionately targeting institutions such as colleges and universities, SC Magazine reports.
It found some 13 per cent of organisations in the education sector experienced such an attack. This was more than three times the rate experienced by the healthcare sector and ten times that of finance.
One of the main reasons why these education sector organisations are especially vulnerable to serious privacy breaches is because of the wide range of personal and confidential data they possess.
Details such as social security numbers, medical records, intellectual property, research, and financial data of faculty, staff, and students are all valuable to criminals.
The problem is exacerbated by the fact the sector ranked dead last when it comes to data security performance, the research found. It noted there may be several factors that contribute to this, including budgetary constraints, smaller IT teams than those in other sectors, and an environment that encourages activities such as file transfers and screen sharing.
BitSight Technologies senior data scientist Jay Jacobs told SC Magazine that the sector's culture of openness is often at odds with commonly-accepted security best practices.
For instance, he stated: "There is a fundamental challenge within educational institutions to support whatever device students and faculty bring in, since the goal is learning and open collaboration."
This can leave institutions vulnerable to a wide range of data security challenges, from malware and ransomware sneaking in via unsecure gadgets to students and faculties taking sensitive data off-campus on mobile devices, which may be vulnerable to loss, theft or even 'visual hacking' as they view sensitive documents in public areas.
"While there are some institutions that have made great strides, and their security is comparable to even good private organisations, many institutions have a long, tough road to improve their security overall," Mr Jacobs continued.