Due to the sharp increase in remote learning and virtual classrooms, the education sector experienced a “record-breaking” year of cyber attacks in 2020.

According to Microsoft, education is globally the sector most vulnerable to threats like malware, accounting for more than 6.8 million (over 63%) of total reported encounters in the 30 days leading up to this writing.

It’s not one sole segment of the industry that’s hurting either. In August 2020, the average number of attacks against U.S.-based education organizations alone had increased 30% month-over-month, compared to 6.5% across all sectors. The number of ransomware attacks against higher education institutions worldwide also doubled between 2019 and 2020.

And, with budget cuts hamstringing institutions in both Canada and the U.S., the need for security awareness training to strengthen data protection across various devices, networks, and other collaboration tools has never been greater.

“Students are practically born with technology between their hands, but they don’t have the information about security” – CISO from a major University in Canada.

Therefore, cyber security must be an integral part of every education organization’s mandate. Students, teachers, and administrators all need access to the learning tools necessary to understand, detect, and avoid cyber threats they may encounter in their daily activities.

To help us get to that point, analyzing data breaches from years past is key to understanding how schools are being targeted and what can be done to minimize information security risk factors.

Recent Cyber Attacks Targeting Schools and Universities

For hackers, schools are an ideal target because they are a goldmine of personal information that’s rarely protected by the same level of cyber security practices used by many private enterprises. Many institutions also manage sizable budgets that malicious entities are keen to exploit.

Take the February 2021 cyber attack that victimized Simon Fraser University in British Columbia, Canada. As per reports, hackers breached a server containing sensitive information like student and staff ID numbers, admissions details, and other academic records. In all, about 200,000 people were affected by the cyber attack.

This data breach came one year after cyber criminals compromised the personal information of 250,000 individuals who attended or worked at the same university.

Cyber criminals are also targeting Canadian government offices associated with the education sector. In February 2020, Quebec’s Minister of Education confirmed hackers stole the personal information of 360,000 teachers and ex-teachers. Though arrests were made by local law enforcement, related cases of suspected identity theft were rampant.

Across the Atlantic, the story remains the same. As per a July 2020 report, 54% of U.K. universities reported a data breach to a regulator. And, despite the country’s post-secondary institutions hosting over 2.3 million students and 430,000 staff members, the report also claims that 46% of university staff didn’t receive security training in the 12 months before publication.

Then there is the Blackbaud hack, a ransomware attack first reported in the summer of 2020, which is an example of a massive data breach that crosses international lines.

Nearly a dozen universities in the U.S., U.K., and Canada were affected, including the University of London and the Rhode Island School of Design. According to Blackbaud’s official statement, they acquiesced to the cyber criminals’ demands and paid the ransom for the stolen data, including phone numbers, donation histories, and more.

Key Lessons from Past Education Industry Data Breaches

1.   Schools are a prime target for cyber criminals

The high volume of attacks shows that schools need to strengthen their data protection measures against cyber attacks. Investing in affordable anti-virus and anti-malware solutions is a must for keeping systems protected.

2.   Staff require more security training

To combat the lack of awareness of IT threats, educators and other employees at schools need to be regularly briefed on the latest security risks to know how to respond intelligently to data breaches, ransomware, and phishing attacks.

3.   Be wary of phishing attacks

Cyber criminals target academic institutions with phishing attempts designed to manipulate teachers into giving up personal identity and tax information. Becoming familiar with the signs of phishing attacks is critical to spotting them when they take place.

Cyber Security Tips for Students and Teachers

To strengthen information security in an educational environment, students, teachers, and employees require access to a mixture of education and IT security solutions. Here are some key tips for keeping your systems safe during the return to school:

1.   Keep software up to date

Regularly updating software eliminates vulnerabilities that hackers can use to launch ransomware attacks. Patching your software and devices stops anyone from being able to access your systems without your permission.

2.   Install anti-malware and anti-virus software

Anti-malware and anti-virus software will enable you to block malware and other malicious software from infecting school devices. Look for solutions with automated updates, virus scanning, and anti-phishing support to tighten your defenses.

3.   Choose strong passwords

Choosing a strong password makes it much more difficult for cyber criminals to break into institutional accounts and portals. Creating passwords based on non-dictionary words with a mixture of uppercase and lowercase letters, numbers, and symbols will reduce the likelihood of a successful hacking attempt. Enabling multi-factor authentication for remote access to your network is also very important.

4.   Undergo security awareness training

Cyber attacks are constantly evolving, and arranging security awareness training and phishing awareness training for staff and faculty will help them develop the skills needed to detect phishing and social engineering attempts. If you are an institution that conducts research, you may want to extend training to your students.

5.   Appoint internal cyber security ambassadors

Appoint several volunteers interested in cyber security as ambassadors and implement a training and mentorship program to develop their knowledge of threats and best practices. Once these initial participants achieve certification, monitor their progress to look for areas to improve.

6.   Avoid clicking on email links or opening attachments

Clicking on email links or opening attachments from senders you don’t know is a security risk, because a malicious link or attachment can lead to installing malware. Staff and faculty should be regularly reminded how to check if the sender is legitimate before clicking on anything.


Educational environments present new learning opportunities for everyone enrolled and on staff. But many of these institutions are vulnerable to cyber attacks. With the global pandemic giving hackers ample time to develop new scams and harmful software, education is the key to addressing the fast-moving threat landscape.

To protect your data, security awareness training needs to be at the forefront of your defense strategy. Proactive security awareness training will give the participants the heads-up on the methods that cyber criminals are using now and educate them on best practices to protect their information and systems.

