Safeguarding higher education data: Why educational institutions must prioritise password management
Schools and universities are increasingly becoming targets for cyber attacks. Just consider these grim facts:
Microsoft recorded nearly 4.5 million cyber attacks in the US in April 2023, with 80% of attacks targeting educational institutions, according to the Microsoft Global Threat Activity Tracker.
Education was the third most targeted sector in Q2 2024, based on the number of analysed events.
Universities are prime targets, facing an average of 2,507 cyber attacks per week, according to a 2023 report from Check Point.
K-12 institutions are hardly immune. K12 Security Information eXchange (K12 SIX) tracks cyber incidents targeting the US primary education community. It logged over 1,600 such incidents from 2016 to 2022, with a sharp spike in 2020 and 2021.
A record number of ransomware attacks hit schools and universities in 2023, according to Comparitech.
Financial losses for school districts range from $50,000 to $1 million the US government’s General Accounting Office reports.
What’s behind this massive surge in activity? Simply put, cybercriminals are taking advantage of the education sector’s rapid adoption of e-learning.
Unlike retailers and businesses, which have been operating online for years and have had time to build expertise and a strong security culture, educators had to move to digital platforms very rapidly during the COVID-19 pandemic. That has led to a gap between educational institutions’ technologies and their ability to defend them.
Complicating matters: Many students and staff regularly bring their own devices onto the institution’s network and are often reluctant to practise basic cybersecurity hygiene.
Add all this together, and you have a perfect storm of vulnerability. Cybercriminals know this, and they’ve wasted no time in getting to work attacking schools worldwide.
Fortunately, there’s a simple step that every educational institution can take to improve its security posture: implement strong password management.
Why education needs strong password management
Password management improves organisational security, according to a recent survey of Bitwarden users. In educational institutions, it gives users a way to manage dozens of passwords securely. Instead of writing them down on pieces of paper stuck to their monitors, users can now store passwords securely in an encrypted vault. And because the passwords can be more easily managed that way, it’s far easier for users to give every one of their online services a unique password, which eliminates password reuse — a major vulnerability.
A good password manager can help students and staff create more secure passwords. Rather than using short, easy-to-guess words, the password manager can generate long strings of random letters, numbers and special characters, which are virtually impossible for hackers to crack. A weak password, with 5–7 characters, can take only seconds to crack. A strong password with 16 or more characters would take centuries.
What’s more, a password manager gives educational institutions a simple, manageable way to share passwords among staff members who need to use shared accounts. With a modern password manager, every user has their own personal vault, where their login credentials are stored in a secure, encrypted form. The organisation can also enable shared vaults, which are accessible to specified users. These vaults enable organisations to share login credentials among multiple users securely and with continual oversight.
IT administrators also value the way that password management software helps them implement regular security training and elevate the overall security culture at their organisations. The password manager becomes the focal point of their efforts to promote good security hygiene, reminding people of how important it is to use good passwords and not to reuse the same password with multiple online accounts.
Finally, with a modern password manager, IT managers and end users can get alerts when a user’s password appears on a list of compromised passwords. This happens when attackers gain access to a password and share that information on “dark web” marketplaces. If those passwords are being reused, this becomes a major vulnerability, as every service where the user employs that password is now easy for hackers to access.
Additional benefits of strong password management
There are education-specific compliance and security requirements that strong password management can help meet.
Compliance with the Family Educational Rights and Privacy Act (FERPA). This Act means educators and school administrators are responsible for keeping student data safe. It’s difficult to do that without strong password management.
Securing access to educational platforms. Whatever digital platform your school or university uses, you want to ensure it’s as secure as possible. You can only do that if you know users have sound password management. Whether they’re using Google Classroom, Canvas, Blackboard, Class Dojo or another platform, secure access is crucial.
Protecting your students’ data. Educational institutions are the guardians of many kinds of personally identifiable information (PII), including names, dates of birth, grades, attendance records, disciplinary records, home addresses and Social Security numbers. If the systems storing this information aren’t secured with strong passwords, all that data is potentially vulnerable.
Secure sharing and collaboration among educators. Teachers and staff often share account logins. Ensuring that they have the ability to do that securely is important. Passing around slips of paper with login details, or sending them by email, opens these accounts to compromise.
Management of both professional and personal accounts. It’s not only school accounts that need to be secured. Staff and students alike all have websites and apps they use for personal reasons, and those need to be secured as well. K–12 students use an average of 72 different apps — how many use the same password?
Bitwarden: The right solution for higher education
A password manager is the easiest way to create, store and retrieve strong, unique passwords while reducing susceptibility to social engineering attacks.
For IT security administrators, Bitwarden gives you the ability to control who has access to your critical applications, and facilitate easy and secure sharing of credentials. Create Collections of passwords to allow users – your educators, visiting professors and administrators – to share items with other members of the same organisation. Typically, these will be named based on departments or areas of responsibility. Each member of the organisation may have different Collections available to them based on their role.
Educators, teachers and professors can ensure e-learning applications that facilitate course management, content delivery and interaction among students are protected by strong and unique passwords secured within an end-to-end encrypted Bitwarden vault. Without strong credentials and multi-factor encryption, educators are putting personal information, addresses, educational records, payment details and intellectual property at risk.
For students, Bitwarden provides a convenient, secure way to store passwords for all the online services you use — not just school-related websites. Install the Bitwarden browser extension and mobile app to make using Bitwarden as convenient as possible — with these, you’ll have access to your logins wherever you go.
Bitwarden gives higher education institutions greater control over their credentials, which improves overall security. For those exploring passwordless authentication, Bitwarden also offers passkey management for all users, and passkey APIs and developer toolkits for developers to easily deploy passkey authentication.
To find out more about how Bitwarden can improve your school or university's security, start a free 7-day business trial today.