Parents typically have a checklist that includes at least a few security items (Is there a campus shuttle for after-hours? What access systems are used on dorm doors?) when they pack up their kids and send them to college, particularly for the first time. 

Now they can add cybersecurity to the list after NordVPN researchers found that higher education is increasingly targeted by cybercriminals, with 80 universities breached in the last two years. Those schools are rich with data — personal and financial — belonging to students and employees and which can be used for identity theft and fraud. 

“Education systems will remain a prime target for cybercriminals due to the massive troves of sensitive personal and financial data they collect. K-12 schools alone average more than one cyber incident per school day, according to CISA, underscoring the sector’s vulnerability,” says Anne Cutler, Cybersecurity Evangelist at Keeper Security.

“This trend extends to higher education institutions as well, which face additional risks from the integration of complex research data, intellectual property and open network environments,” she says. “As cyberattacks grow in frequency and sophistication, the need to strengthen cybersecurity across all levels of education is critical.” 

All of the breaches that NordVPN discovered through its NordStellar threat management platform exposed email, while 14% exposed Social Security numbers. Attacking institutions of higher learning is big business — median ransomware demands, NordVPN says, weigh in at $4.4 million.  

The attacks also boost the reputations of the bad actors. “Universities have become trophy targets for cybercriminals,” Marijus Briedis, chief technology officer (CTO) at NordVPN, said in a release. “An attack on a major institution guarantees media coverage, shows off the hacker’s skills, and exposes thousands of students and staff at once.” 

Threat actors prefer to hit up organizations that the public relies on heavily because there’s greater pressure to pay ransom, says Heath Renfrow, co-founder and CISO at Fenix24.  

“K-12 schools or districts cannot afford to be down for weeks, and in most cases, they do not have the right IT infrastructure to be able to recover on their own without paying the ransom,” says Renfrow, who points out they’re particularly vulnerable since they “rarely have robust security defenses, making them both attractive and easy targets.” 

Those schools also don’t have recoverable backups and can’t afford to be shut down or have miscreants release private data on students and faculty, says Renfrow, which typically provides the necessary pressure to get them to pay ransom. 

The school year has started, but it’s not too late to protect students — and schools — from erstwhile hackers. Strong passwords are one of the best — and easiest defenses against breaches.  

“It is imperative that everyone uses a secure password management tool to generate strong, unique passwords for every account,” says Cutler.  

That ensures that if a platform is compromised, “the rest stay protected, and you don’t have to remember dozens of logins,” she says. 

Cutler also advocates starting cybersecurity education early but cautions it must “be engaging, age-appropriate and actionable.” That’s the thinking behind Flex Your Cyber, she says, a public service initiative launched by Keeper and “focused on empowering students, parents, teachers and administrators to build strong cybersecurity habits from an early age.” The National Cybersecurity Alliance, CYBER.org, KnowBe4 and Atlassian Williams Racing have joined in to create “fun, interactive resources – like games, videos and lesson plans – that help families and schools build a foundation of cyber awareness.”  

In addition to strong, unique passwords, NordVPN recommends: 

• Keeping devices and software up to date: Regular updates patch security vulnerabilities. 

• Enabling multi-factor authentication (MFA): It adds an extra layer of protection beyond just a password. 

• Being cautious with links and attachments: Don’t click on suspicious emails or messages, even from people you know. 

• Reporting suspicious activity: If something seems off, notify IT support or your platform provider instead of trying to fix it alone. 

• Using a VPN on Wi-Fi: Public university or school Wi-Fi isn’t always secure, so we recommend using a VPN on public Wi-Fi. It will redirect your online traffic through a private internet server, protecting it from hackers and identity thieves. 

• Practicing basic digital hygiene daily: Log out of shared devices, avoid oversharing personal information, and review account privacy settings. 

All those steps might help keep your student safer, but unfortunately, it’s not going to keep you from missing them as they empty your nest.