52% of IT professionals in the education sector admit that employees put sensitive data at risk by sharing it via cloud apps outside of IT knowledge, a study has revealed.
The Netwrix survey, titled 2020 Data Risk & Security Report, shines a light on the threats educational establishments face during the move to remote online learning caused by the coronavirus pandemic.
The survey also revealed that, even before the outbreak, the majority of educational institutes had weak security controls when it came to sensitive data, highlighting that the move to distance learning significantly increases the risk of breach.
Among the reports other most notable findings are:
- 82% don’t track data sharing at all or do so manually, and 50% suffered a data breach caused by unauthorised sharing last year
- 63% don’t regularly review permissions, and 24% of system administrators admit to granting direct access rights upon user request
- 28% of respondents discovered data outside of secure locations, which is the highest number of all industries surveyed. This data was left exposed for days (40%) or months (33%)
- Only 8% of respondents have developed cybersecurity and risk KPIs to evaluate their security posture and track success
“Distance learning creates many challenges for educational organisations, and cybersecurity is often taking a back seat to operational resilience,” said Steve Dickson, CEO of Netwrix.
“The Netwrix survey shows that security processes were not ideal before the pandemic, leaving these institutions even more vulnerable to the growing number of cyber threats today. To ensure these institutions can secure their student and employee data, IT professionals need to get back to basics. First, they need to understand what sensitive data they have, and classify it by its level of sensitivity and value to the organisation. Second, they need to ensure that the data is stored securely, prioritising the most important data. And last, they need to adopt healthy security practices for granting permissions in order to avoid data overexposure.”