As cybersecurity risks increase across industries, colleges — which increasingly depend on apps and software for teaching, learning and operations — remain valuable targets for cybercriminals and data exploitation.
For years, cybersecurity experts such as the FBI have been sounding the alarm about the risks surrounding widespread collection of student data and the rapid growth of education technologies. The Federal Communications Commission recently warned that cyberscams are increasingly aimed at college students.
Cyber risks increase with the use of apps by students and faculty as well as the growing amount of data collected daily. Another source of risk: Colleges partner with technology companies and learning management systems to run classroom operations, and those ed tech companies store and share students’ personal information for what schools deem “educational purposes.”
Since 2005, K-12 school districts as well as colleges and universities have experienced more than 3,700 data breaches, affecting more than 37.6 million records, according to data from Comparitech. In 2023, U.S. schools and colleges reported a record-high 954 data breaches affecting 4.3 million records.
“Colleges actually are a target, partly because they have so many people who are relatively young, who are relatively innocent of the world. They’re not very suspicious,” says Elana Zeide, an assistant professor of law at the University of Nebraska–Lincoln and a student privacy law expert.
The FCC’s scam warning, for example, highlighted fraudulent technical support, fake jobs, texts about loan or tuition payments, fraudulent scholarships, and roommate and rental scams, all of which trick victims into making payments or sharing sensitive personal information.
[READ: FERPA: What Parents of College Students Should Know.]
Effects of a Data Breach
When schools share information for “educational purposes,” the companies they partner with are not supposed to share it with or sell it to third parties — such as marketing companies or other entities — unless the school tells them to, Zeide says. However, “there is some research showing that’s not always followed,” she says.
Regardless, the data is vulnerable to hackers who can damage students’ credit scores and cause legal issues by opening lines of credit with stolen Social Security numbers. They can also harm students by obtaining sensitive information like medical records, behavioral issues and financial information relating to meal dependency.
Much of Zeide’s research focuses on how students have limited choices about technology use and data privacy in college. Schools can track student digital activity on the campus WiFi network, and the growing use of generative artificial intelligence tools in college settings, such as ChatGPT, also opens up potential data privacy issues for students, she says.
“It’s almost impossible to opt out of technology that your school has chosen and either still be allowed to pursue your education as you would have or get the same quality of education,” she says. “In those cases, it’s just an institutional choice and I feel for students who are pressured into that. In the meanwhile, if it’s something that’s very specific to a professor or a classroom, I would raise your issues with the professor or your dean. Sometimes they are not aware of the potential problems.”
Since it’s not easy to opt out, students should minimize the data they put in a system, says Marshini Chetty, an associate professor of computer science at the University of Chicago in Illinois. “If you’re really concerned, you could make sure and follow up on what the instructor is retaining or ask for your data to be deleted.”
Data Privacy Tips
Here are five practical ways experts say students can guard their personal information against potential data breaches.
Beware of Phishing
Phishing is the fraudulent practice of pretending to be someone else to steal personal information like passwords or credit card numbers, or trick victims into sending money to scammers. These text, email, phone or social media messages can look legitimate and trick even those with a discerning eye. They may target college students by using the name of a professor, department head or other university official and include language, detailed information and logos that make the message seem believable.
Clicking on phishing links can give scammers access to computer files or lock you out of your device. When you’re reading an email or text message, experts say you should take your time and watch out for requests for personal or sensitive information, requests for financial information, suspicious attachments or links, scare tactics, mismatched email domains or URLs, or urgent language or threats.
“If (a message) tells you that something is going to happen immediately and it’s going to be bad, think about it for a second,” Zeide says. “If there’s any question at all, send it to your school.”
Schools have information technology professionals who track phishing scams and will know how to handle them, she says.
[Read: Social Media: Do’s and Don’ts for College Students]
Students should also be wary of what they click on through apps they frequently use outside of educational purposes, such as social media or dating apps, Chetty says.
“There are lots of ways to trick college students,” she says. “I think it is a demographic that’s exploring and willing to try new things, but I do think that means it’s easier to scam students because you can pretend to be all sorts of things.”
Use Strong Passwords
Avoid obvious passwords, such as names, pet names and birth dates. The best passwords are longer than eight letters and include a mix of letters, numbers and symbols, Chetty says.
Using the same password for multiple accounts is an open door for cybercriminals. A good password manager can help you keep track of and update numerous passwords, experts say.
Biometric authentication, which usually requires facial recognition or a fingerprint to log in to a device, is an even more secure approach.
“Some people are quite worried that their facial details will get stolen and they do only have one face,” Zeide says. “But in most cases those details are stored on the local devices, so it’s a little less risky than you might think.”
Use Multi-Factor Authentication
Multi-factor authentication, which typically requires a login code that’s sent to a user’s device in addition to a password, can also help prevent password theft or unauthorized logins, experts say.
“It’s a pain and it’s a little inconvenient, but it’s really your best defense that you can do relatively easily,” Zeide says. “Once people can get into a main account of yours, like a Google account or Microsoft account, they can really wreak havoc. You can lose access to anything you have associated with that account.”
[Read: Is Your Data Safe When Applying for Financial Aid?]
Check Location Settings
You should also be wary of apps that track your location, says Erika Douglas, an associate professor of law at Temple University
in Pennsylvania. Tracking permissions can be adjusted in the privacy settings on your device.
“There’s been a number of instances where apps have the default setting to collect information you wouldn’t expect,” she says. “Looking up your settings can be a really good way to at least consider, and maybe change, the collection of your personal information, which is the most powerful intervention against it later being misused.”
Back up Your Data
Many people use cloud storage
to back up their files in addition to device storage, but Zeide recommends students also use a third-party data storage platform. These often cost about $10 to $15 per month, and she says the peace of mind is worth the cost.
“If someone does get into your account and lock you out, you still have your information, your photos, all of those things in another copy elsewhere,” she says. “If for some reason your computer dies two weeks before exams, you are assured to have backups.”
For many people, privacy and security are secondary concerns, Chetty says. But she challenges students to take a proactive approach.
“For most people, it does end up feeling like it’s too much effort,” she says. “I don’t think there’s anything wrong with that, but there’s also nothing wrong with wanting to protect your privacy, thinking about it and doing something about it.”
Searching for a college? Get our complete rankings of Best Colleges.
More from U.S. News
Cellphones in School: What to Know
How to Talk to Tweens About Being Responsible on Social Media
What Is Media Literacy? What Parents Need to Know
Data Privacy Tips for College Students originally appeared on usnews.com
