Well, it’s been a banner year. Unfortunately, the banner year is in identity theft and breaches. The number of reported breaches in Education rose from 1,257 in 2018 to 1,473 in 2019. The number of sensitive records exposed in the Education field tallies up to 3,606,114 (an increase from 1,414,624 in 2018). Non-sensitive records exposed tallies up to 22,747 (which is down slightly from 39,690 in 2018). Thus, breaches in the Education sector are mostly increasing. These are the reported breaches.
This is not surprising as more and more of our life is conducted online. More and more of our information is housed online as well.
For us, this information falls into two camps: work and home. We take security very seriously here at work. We also want to help inform you about what this means for you at home.
We have taken many steps to help promote safety and security at work. Here are just a few examples:
- changed password requirements so that users would be encouraged to create more secure passwords
- removed local Admin rights to computers to protect against malware installation
- added banners on emails that come from unverified domains
- updated settings for security issues
Please remember that many of our staff have access to important data for students and staff. It is staff responsibility and legal obligation to protect that data.
Phishing is one area where we see attempts to collect user information. We regularly block phishing attempts. However, it is up to end-users to help us identify some of these. It only takes one incident to put all of us at risk.
These are all still valid. Remember, it only takes a second to give up information that can compromise your security. I have a friend who basically spent two solid months of his life trying to recover from an identity thief situation.
Generally, more and more people are using their phones to conduct business and their online life. Phones are a bit unique. Our defenses tend to be at the lowest while on a phone (frequently we are doing something else, rushing to do something else, etc).
- Think before you Click – Remember links are how many problems start. You should always know why you are clicking a link. When in doubt, you should type the URL in the URL box yourself instead of clicking on a link.
- Never share your credentials – This is illegal (like Federal law illegal) while at work. It is a really bad idea everywhere.
- Update – Updates generally fix security issues. Do be aware of pop-ups that purport to be an update though.
- Password Management – Utilize strong passwords. Do NOT reuse passwords. A password manager is the best way to make that happen.
- Be aware of Phishing – Know the hallmarks of a phishing attempt. Be critical of requests and links that require you to sign in.
- Back up your Data – Back up your valuable data using the 3-2-1 method.
- Be wise – Do NOT fall into the “it can’t happen to me” camp. Everyone is a target. Cybercriminals don’t know their targets. Your data is probably already out there and available from one of the data breaches. Check out “Have I Been Pwned” to see if your email address was part of a breach. This will show you where and what was accessed. (*Note that 1Password now owns this site so there is a “soft” sales pitch for 1Password).