TPS Shows School Districts Can Be at Risk for a Data Breach

With more employees, students, and contractors working remotely, cybercrime is a real concern. The Toledo Public Schools recently had a major data breach that has the potential for long lasting consequences. When many think of which institutions will be targeted by malicious hackers, they may think of financial institutions, not public school systems. Yet school districts have a wealth of information that is desirable to cybercriminals. School districts are at risk and, like any business, need to take steps to protect themselves and their data.

Data Breach Alert notification in front of a desktop computer.

What Happened to Toledo Public Schools?

In early September, the Toledo Public School district was the victim of a cyberattack which targeted personal student and staff data. Names, addresses, social security numbers, and other pieces of personal information were compromised by this data breach. TPS serves more than 23,000 students currently, but the data breach seems to have compromised data dating back to 2008. One of the biggest concerns is that the information of minor students is worth more to hackers, as they can take on the identity of the children. These criminals can use the identity of minors for years before it is discovered. This was a major data breach, made even more concerning by how long it took the school system to discover and address the breach.

How Could This Happen?

Cyber criminals look to target schools because of the wealth of personal information they contain. After healthcare and financial services, educational institutions are the third most frequent target of hackers. Schools may also be at a higher risk because of how they handle their data. School districts often do not have many staff members with technical skills, and those they do have are often juggling multiple roles, which complicates things. Over the past several months, remote access to the system is required by teachers, staff, students, and parents, exposing many potential access points.

What Can Business Owners and IT Professionals Do?

Cleaning up after a data breach is expensive, time consuming, and frustrating. It will hurt your reputation as an institution. Public and private institutions are not immune to the fallout. In the case of the Toledo Public School breach, the response may take years. The students and staff will need to be vigilant about monitoring their credit and information. A much better solution is to focus on prevention and securing data to prevent any potential data breaches from the beginning. Investing in the right security and the professionals to handle it is well worth it.

Getting Your Security Risk Assessment

A security risk assessment is a good place for the business owners and IT professionals to start. AccuShred offers a web-based tool, CSR Readiness Pro, which will provide businesses and IT departments with self-assessment tools and suggested remediation tasks. These suggested instructions, policies, and best practices will let you take an honest look at your data and the potential for a breach. Although it’s impossible to completely avoid a data breach, the majority of breaches that do happen could have been prevented with the right proactive steps.

What happened to the Toledo Public Schools should be a wake-up call for many organizations to take a hard look at the practices they have in place to protect their data from malicious cybercrime. Proactive attention and correction can go a long way toward preventing the loss an attack can bring. For more information about how you can protect your company and staff from a data breach, or to learn more about our self-assessment tool, CSR Readiness Pro, contact AccuShred today!