Why Schools Need Cybersecurity

online education concept

According to PwC, nearly 80% of organizations today will encounter a cyberattack at least once. When hearing this statistic,  most would picture retail stores, offices, or big corporations, but what we should really be picturing are schools. Cybersecurity in schools is becoming increasingly important, and making this a school’s high priority is in the best interest for all.

Why schools? The better question is why not? Schools contain hugely important pieces of information on students, faculty, staff, administration, and parents. Schools contain data like social security numbers, check copies with routing numbers, driver’s license numbers, addresses, phone numbers, and more. These pieces of information can cause more harm than a simple credit card number. Some of these identifiers cannot be as easily changed as a credit card, and some of these cannot be changed at all.


Some schools are implementing a chief information security officer, or CISO, if they can afford it, but many schools are unable to add this position due to financial reasons. A CISO’s role requires him or her to be in charge of all security-related matters: preventative measures, going through the process of recovery if a breach occurs, and educating all users on proper cybersecurity procedures. However, for many schools, a CISO is yet another item on their wish lists.

Security breaches may cost schools more than just money–it can seriously harm an institution’s credibility. If your credit card information was hacked after shopping at a particular store, you’d probably think differently of it. If a school’s databases are hacked, leaking so much of your personal information, you’re faith in this institution would be decreased, if not lost. Schools are supposed to be educating students to make good, informed decisions and approach all aspects of life with logic, reasoning, and solid support. If a school is hacked, there has clearly been some sort of fault, meaning some facet of the school did not do an effective job at exercising intelligent decisions based upon logic and reasoning.

Schools are at a disadvantage because of the large quantity of people in the system in combination with the fluidity of users. Take a high school, for example. The average high school has 752 students. With an average teacher-to-student ratio of  1:16, that gives a school a minimum of 47 teachers. Add a reasonable 25 staff and administration brings us to 824 people with various accounts at one school. With high school lasting four years, this means that at least roughly 188 of these accounts are removed each year (the senior class), and about 188 new accounts are created each year (the incoming freshman class). Many schools give parents accounts so that their child’s progress and grades can be tracked. If all students have two accounts out (one for each parent/guardian), this creates an additional 1,504 accounts. Now factor in new hires, retiring employees, and fired employees, and there are a lot of accounts floating around in cyberspace for one school. If just one of these many accounts fails to act securely and intelligently, all of the information is in danger.

If you have concerns about your school’s cybersecurity, Heart may be able to help! Give us a call at 309.427.7000 today to set up a discovery meeting and determine what are the right steps for your needs.