ID Experts Home

Education

Defend students, faculty, and staff against the dangers of identity theft

Our MyIDCare identity protection is the most complete solution for helping keep private information private.

Know your data breach risks. Guard your people’s personal information.

Educational institutions are a data goldmine for hackers. Valuable information like Social Security numbers, medical records, banking numbers all can be sold or held for ransom. When it comes to data protection, however, education lags behind other sectors, despite a complex network of regulations such as HIPAA, GLBA, and laws protecting minors. It’s time to prepare for the inevitable cyber-breach. ID Experts’ proven breach response services are ready to help. And our MyIDCare identity protection solution helps safeguard your student, faculty, staff, alumni, and donor identities.

26 %

of education breaches involve cyber-espionage

1 MM

records exposed in education breaches in 2016

#1

InfoSec #1 IT issue for higher ed

Some of our education clients include

Some of our education clients include
Some of our education clients include
Some of our education clients include
Some of our education clients include

Solutions designed for educational institutions

Breach response services for any-size incident

​Whether you have a small incident or a massive breach, our made-to-fit services can scale based on your needs. We’ll work with your legal counsel and cyber insurance provider to help manage all aspects of a breach response—notification and mailing, call center, website, and identity protection enrollment.

Choose only the breach response services and identity protection solutions you need, be it individual components (a la carte) or a complete package. Now you can ensure a timely and well-organized breach response and provide peace of mind with MyIDCare identity protection.

Keeping students, faculty, staff, and alumni safe from all identity threats

There are nine types of identity theft—and your entire campus is at risk for them all. Your people need MyIDCare, the only complete identity protection solution. Our credit, financial, and cyber (dark web) monitoring offer a defense against financial harms. And our patented health transaction monitoring technology, MIDAS, helps in the fight against the growing risks of medical identity theft.

MyIDCare’s complete identity recovery with concierge-style services restores victims’ identities to pre-theft status, which we’ve done with a 100% success rate.

Great educators deserve great benefits

Recruiting and retaining top faculty and staff is a challenge. You want to provide the best benefits package possible; however, academic institutions operate on strict budgets. MyIDCare identity protection is the perfect solution. It’s a high-value, moderately priced benefit your employees will truly appreciate, whether it’s offered as an institution-paid or voluntary benefit. Getting started is easy—we’ll provide the implementation and rollout plan, along with all the tools you need to communicate with your employees.

The newest from our Knowledge Center

0

Article

The Changing Face of Cyber Extortion

Over the last couple of years, ransomware, malware that locks up computers or data, has burst into the collective consciousness of businesses and governments worldwide.  High profile ransomware attacks have brought operations to a halt, leading organizations like the Hollywood Presbyterian Medical Center to pay thousands of dollars in untraceable cyber coin to get operations back on track. While the threat of stopping operations loomed large, ransom costs were small in comparison to the typical costs of a data breach.  The data was not actually stolen (presumably), and the primary defense—good data backups—was straightforward. So for many organizations, ransomware seemed like a manageable risk. But now ransomware is evolving, attacks have become commonplace, and privacy regulations are updating to include ransomware attacks. Information security, privacy, and risk management teams need to stay abreast of these threats and beef up their defenses on the assumption that this kind of cyber extortion is here to stay. Ransomware is Not a Blip Ransomware is the criminal equivalent of fast food: it’s easy, it offers near-instant gratification, and it makes their coffers fat. So it’s no surprise that the tactic has grown quickly. Symantec’s 2016 Internet Security Threat Report found that ransomware attacks increased 35% in 2015. They estimate that between businesses and consumers, there are at least 4,000 ransomware attacks per day. According to an August 2016 study by Osterman Research, nearly 50 percent of U.S. organizations surveyed had been victims of a ransomware attack in the last 12 months. Cyber extortionists pick their targets carefully, looking for organizations that have the most to lose if operations are shut down or critical data is lost. As you would guess from the news headlines, healthcare was the industry most commonly targeted, since a loss of information access there can be life-threatening.  But healthcare was closely followed by financial services and manufacturing (where an operations shutdown can cost millions of dollars a day), and then government.  Only 37 percent of U.S. organizations were confident in their ability to stop ransomware. The Escalation of Ransomware Until recently, businesses hit with ransomware could find slight solace in the fact that ransomware locks data in place, so these attacks don’t entail all the costs and complications of a data breach. But that is changing fast. Healthcare was the first industry to feel the change when, in mid 2016, the Office for Civil Rights (OCR) of the Department of Health and Human Services (DHHS) said that any ransomware attack involving protected health information (PHI) may be considered a data breach under the Health Insurance Portability and Accountability Act (HIPAA). But experts have warned that, even if a ransom is paid and files are unlocked, attackers could leave hidden malware ready to exfiltrate data or lock files again. So ransomware victims in any industry need to prepare for the possibility of an ensuing breach. More recently, a new kind of cyber extortion has made the breach threat explicit. Dubbed “doxware” after the slang term for posting stolen information on the Dark Web, this kind of ransomware not only holds data hostage through encryption, it also threatens to expose the data publicly if the ransom isn’t paid. So you can now choose: face the cost of ransom or the costs of a data breach. Because you’re dealing with criminals, paying the ransom doesn’t guarantee that information won’t be stolen, but not paying guarantees that it will be. Beyond Backups The FBI and other law enforcement agencies have advised against paying ransom. For plain old ransomware, that’s a straightforward choice for an organization that has good backups. But once the costs of a doxware breach are figured in, the ransom equation becomes less clear. The best solution is to invest up front to stop extortionware. Encrypting data at rest can help defend against the threat of data exposure through doxware. For ransomware, in addition to having secure, working backups and keeping up with security patches, the FBI recommends training to help staff resist phishing and other malware-delivery tactics. (Interestingly, the Osterman survey found U.S. companies are more likely to invest in ransomware-related staff training than those in other countries.)  The FBI also recommends keeping strict control of file permissions, application whitelisting, and penetration testing—basically, attempting to hack your own systems.  Security software can also help to detect ransomware and other “extortionware,” but new variants are cropping up so fast that security vendors can’t keep pace. Many organizations are now considering data loss prevention (DLP) tools that use machine learning to track normal behavior for a computer system so they can flag abnormalities that might signal an attack in progress.  As the Osterman report notes, U.S. businesses tend to rely on training to combat malware, but with so many points of entry, it’s inevitable that something will get through sometime. There needs to be other internal lines of defense. Ransomware Readiness Now At the beginning of 2016, experts predicted it would be “The Year of Ransomware.” And so it was. But until the tech world can produce 100% secure software, which is highly unlikely, we will not see a year without ransomware. For what it’s worth, whatever measures we take to fight cyber extortion will also help to protect us against cyber attacks of all kinds. No step towards greater information security is wasted.

Have questions? We’d like to help

Let's discuss your specific needs & how we can support your strategies

Get the latest intelligence in your inbox

Learn about the latest solutions, tools, case studies, & regulations from industry experts