Back to School Means Back to Breaches
None
<p><span data-contrast="none">Parents typically have a checklist that includes at least a few security items (Is there a campus shuttle for after-hours? What access systems are used on dorm doors?) when they pack up their kids and send them to college, particularly for the first time.</span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><p><span data-contrast="none">Now they can add cybersecurity to the list after NordVPN researchers found that higher education is increasingly targeted by cybercriminals, with 80 universities breached in the last two years. Those schools are rich with data — personal and financial — belonging to students and employees and which can be used for identity theft and fraud.</span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><p><span data-contrast="none">“Education systems will remain a prime target for cybercriminals due to the massive troves of sensitive personal and financial data they collect. K-12 schools alone average more than one cyber incident per school day, according to CISA, underscoring the sector’s vulnerability,” says Anne Cutler, Cybersecurity Evangelist at Keeper Security.</span></p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p><span data-contrast="none">“This trend extends to higher education institutions as well, which face additional risks from the integration of complex research data, intellectual property and open network environments,” she says. “As cyberattacks grow in frequency and sophistication, the need to strengthen cybersecurity across all levels of education is critical.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">All of the breaches that NordVPN discovered through its NordStellar threat management platform exposed email, while 14% exposed Social Security numbers. Attacking institutions of higher learning is big business — </span><span data-contrast="none">median ransomware demands, NordVPN says, weigh in at $4.4 million. </span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="7b2fce53028d4c3d9ff78256-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="7b2fce53028d4c3d9ff78256-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p><span data-contrast="none">The attacks also boost the reputations of the bad actors. </span><span data-contrast="none">“Universities have become trophy targets for cybercriminals,” Marijus Briedis, chief technology officer (CTO) at NordVPN, said in a release. “An attack on a major institution guarantees media coverage, shows off the hacker’s skills, and exposes thousands of students and staff at once.”</span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><p><span data-contrast="none">Threat actors prefer to hit up organizations that the public relies on heavily because there’s greater pressure to pay ransom, says Heath Renfrow, co-founder and CISO at Fenix24. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“K-12 schools or districts cannot afford to be down for weeks, and in most cases, they do not have the right IT infrastructure to be able to recover on their own without paying the ransom,” says Renfrow, who points out they’re particularly vulnerable since they “rarely have robust security defenses, making them both attractive and easy targets.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Those schools also don’t have recoverable backups and can’t afford to be shut down or have miscreants release private data on students and faculty, says Renfrow, which typically provides the necessary pressure to get them to pay ransom.</span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><p><span data-contrast="none">The school year has started, but it’s not too late to protect students — and schools — from erstwhile hackers. Strong passwords are one of the best — and easiest defenses against breaches. </span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><p><span data-contrast="none">“It is imperative that everyone uses a secure password management tool to generate strong, unique passwords for every account,” says Cutler. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That ensures that if a platform is compromised, “the rest stay protected, and you don’t have to remember dozens of logins,” she says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Cutler also advocates starting cybersecurity education early but cautions it must “be engaging, age-appropriate and actionable.” That’s the thinking behind </span><a href="https://flexyourcyber.com/" target="_blank" rel="noopener"><span data-contrast="none">Flex Your Cyber</span></a><span data-contrast="none">, she says, a public service initiative launched by Keeper and “focused on empowering students, parents, teachers and administrators to build strong cybersecurity habits from an early age.” The National Cybersecurity Alliance, </span><a href="http://cyber.org/" target="_blank" rel="noopener"><span data-contrast="none">CYBER.org</span></a><span data-contrast="none">, KnowBe4 and Atlassian Williams Racing have joined in to create “fun, interactive resources – like games, videos and lesson plans – that help families and schools build a foundation of cyber awareness.” </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">In addition to strong, unique passwords, NordVPN recommends:</span><span data-ccp-props='{"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559739":0,"335559740":224}'> </span></p><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="none">Keeping devices and software up to date</span></b><span data-contrast="none">: Regular updates patch security vulnerabilities.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559685":945,"335559740":224}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="2" data-aria-level="1"><b><span data-contrast="none">Enabling multi-factor authentication (MFA)</span></b><span data-contrast="none">: <a href="https://securityboulevard.com/2025/08/mastering-mfa-implementation-a-comprehensive-guide-for-enterprise-security/" target="_blank" rel="noopener">It adds an extra layer of protection beyond just a password</a>.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559685":945,"335559740":224}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="3" data-aria-level="1"><b><span data-contrast="none">Being cautious with links and attachments</span></b><span data-contrast="none">: Don’t click on suspicious emails or messages, even from people you know.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559685":945,"335559740":224}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="4" data-aria-level="1"><b><span data-contrast="none">Reporting suspicious activity</span></b><span data-contrast="none">: If something seems off, notify IT support or your platform provider instead of trying to fix it alone.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":2,"335557856":16777215,"335559685":945,"335559740":224}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="5" data-aria-level="1"><b><span data-contrast="none">Using a VPN on Wi-Fi: </span></b><span data-contrast="none">Public university or school Wi-Fi isn’t always secure, so we recommend using a VPN on public Wi-Fi. It will redirect your online traffic through a private internet server, protecting it from hackers and identity thieves.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559685":945,"335559740":224}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="6" data-aria-level="1"><b><span data-contrast="none">Practicing basic digital hygiene daily</span></b><span data-contrast="none">: Log out of shared devices, avoid oversharing personal information, and review account privacy settings.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":2,"335551550":6,"335551620":6,"335557856":16777215,"335559685":945,"335559740":224}'> </span></li></ul><p><span data-contrast="none">All those steps might help keep your student safer, but unfortunately, it’s not going to keep you from missing them as they empty your nest.</span><span data-ccp-props="{}"> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/09/back-to-school-means-back-to-breaches/" data-a2a-title="Back to School Means Back to Breaches"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F09%2Fback-to-school-means-back-to-breaches%2F&linkname=Back%20to%20School%20Means%20Back%20to%20Breaches" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F09%2Fback-to-school-means-back-to-breaches%2F&linkname=Back%20to%20School%20Means%20Back%20to%20Breaches" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F09%2Fback-to-school-means-back-to-breaches%2F&linkname=Back%20to%20School%20Means%20Back%20to%20Breaches" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F09%2Fback-to-school-means-back-to-breaches%2F&linkname=Back%20to%20School%20Means%20Back%20to%20Breaches" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F09%2Fback-to-school-means-back-to-breaches%2F&linkname=Back%20to%20School%20Means%20Back%20to%20Breaches" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>