Education institutions should review security protocols after a new report discovers the industry is particularly vulnerable.

The education sector is the least secure of 17 industries studied this year, according to a report that analyzed cyber security throughout 2018.

Education institutions specifically struggled with application security, endpoint security and patching cadence, according to the “2018 Education Cybersecurity Report,” conducted by the information security company SecurityScorecard.

Results have shown that although hackers have gotten better at stealing school and student data, the education industry is no better prepared to deal with these malicious threats.

SecurityScorecard offers these three insights to get education institutions started on a more reliable security plan:

3 Points of Security Vulnerabilities in the Education Sector

1. Application Security: Schools are relying more than ever on online applications for testing, data collection and analytics. Hackers will take advantage of application vulnerabilities, which means school districts and universities need to be aware of any in their networks and close them up. 

2. Endpoint Security: The number of personal devices used by students and faculty across both K–12 and higher education is increasing, expanding the number of vulnerable endpoints. These devices can be especially vulnerable because many people use the same devices to connect to home networks, which may offer less protection than campus networks. Integrating endpoint segmentation can help to limit any damage if a device is compromised. 

3. Patching Cadence: Updating software is essential. While patching can be a burden for education IT teams, especially those with fewer resources, there are programs that can help bear some of the weight. Security companies offer virtual patching programs that identify vulnerabilities and offer a quick fix until an IT member can complete the patch.