According to a joint report by the Identity Theft Resources Center (ITRC) and CyberScout, 1,093 data breaches happened in the United States last year. Although this figure may not seem particularly high at first, it represents a 40% increase on the 780 incidents identified in 2015.
Education: 9% of total data breaches
Of the five categories the report focused on, education (defined as ”any public or private education facility, from pre-school through university level”) accounted for 9% of the total number of identified breaches, with 1,048,342 exposed records – although it’s worth noting that this figure could well be higher as the actual number of leaked records is unknown for many incidents.
Hacking/phishing/skimming – number one cause of breach
The report also examined the causes of these breaches and discovered that ‘hacking/phishing/skimming’ accounted for 56.12% of the breaches affecting the education category, compromising 643,662 records.
The second biggest cause of data breaches was staff-related incidents (comprising ‘accidental email/internet exposure’ and ‘employee error/negligence/improper disposal/lost’), which accounted for 30.61% of breaches affecting the education category, or around 350,000 exposed records.
How to deal with staff-related incidents
The majority of the above-mentioned causes have one thing in common: employees. Staff are often unware of the cyber risks facing their organization and, consequently, don’t know how to behave to minimize the likelihood or impact of security incidents. This means they endanger what schools and universities value the most: their students’ and employees’ sensitive information.
Staff awareness program to keep staff on top of cyber risks
Many companies have already rolled out staff awareness programs as a mean of educating their employees about the information security and cyber risks they might encounter. E-learning courses and trainings aids can help build and strengthen staff awareness of information security and cybersecurity.