Risks in Education
Whether students are 6-years-old or 40, educational institutions are responsible for providing them with a safe, productive learning environment free of risks. Education risk management is becoming increasingly important as institutions move away from simply checking boxes for compliance; they are learning how risks are connected and creating action plans and policies from those findings. Schools and universities can take action to mitigate risks and lessen the severity of incidents by taking an enterprise approach to their risk management strategy. Below are 5 risks that need to be accounted for and reviewed by the educational organizations.
Cyber & Privacy Liability
The education industry remains an easy target for cybercrimes such as phishing attacks or cyber extortion. With such a large number of both staff and students, students are less likely to recognize if an email is from a fake authority figure or classmate. Although students get their own login with limited access rights, accounts can be hacked and data stolen from both users and faculty that has access to more sensitive data and PII such as social security numbers, grades, or addresses.
According to GovTech, 6,515 breaches were reported in 2018 and the Education sector accounted for 6.5% of these, roughly 423 incidents. That’s such a large number and data breaches are often so focused on in the news, that it seems as though this has lost impact on readers as it becomes more common. Nevertheless, data breaches remain a serious issue that cause lasting negative impact.
Education management and governance groups are required to remain compliant with an assortment of local, state, federal, and private regulations. Consequences of noncompliance can range from loss of funding, loss of accreditation, or even lawsuits. Title IX and the Clery Act are surely familiar topics for anyone keeping up with higher education in the US. Michigan State, for example, was hit with a $4.5 million fine for institutional neglect/disregard for federal rules on campus safety.
The Drug-Free Schools and Communities Act Amendments of 1989 (DFSCA) for example, requires institutions to combat illegal substances by distributing comprehensive policies, standards of conduct, and implementing prevention programs. These must be reviewed every other year.
ADA website accessibility is another focus for educational institutions, as recently many have been served with lawsuits alleging school websites are not coded in such a way that they are accessible to the visually impaired through screen readers, subtitles, or other means.
Active Shooter/Physical Security
In 2019 alone, Education Week reports 25 different shootings that took place on school grounds or at school-sponsored events, a number that continues to climb in recent years. The number of injuries/fatalities in school shootings K-12 can be seen here. As different discussions take place on the best course of action, new risks become possible. For example, arming teachers could increase student safety from an active shooter, but could also increase the likelihood of a gun being stolen from staff, armed staff being seen as a threat by law enforcement when they arrive, an improperly trained staff member misfiring a weapon, etc.
As discussions continue, we know focus on physical security remains important and having policies in place that are circulated and practiced become key. Many K-12 schools now have metal detectors at staffed entrances that require sign-ins from non-students. Campuses have locks that require an active student id to gain entry. Constant video surveillance in marked areas is a deterrent as well. All of these factors contribute positively, but an Emergency Action Plan (EAP) is crucial. This plan covers lockdown procedure, evacuation, how the presence of an active shooter is communicated, etc.
Reputation is always a concern in a time where news is available on numerous devices at all hours of the day and negative headlines score the highlights. In education, reputational risk is emerging as a top risk due to how quickly it can spread and the impact it can cause to institutions.
Some of the top reputational risks seen today are related to campus climate, which includes the diversity of the student body and faculty, campus safety, speakers, and student organizations. Academic programs are also a scrutinized field, looking at program integrity, faculty conduct, grant distribution, job placements, etc.
Data loss typically occurs due to errors or mishandling in storage, transmission, or processing. However, this risk is ranked highly for intentional damage to data. Data loss, depending on the data, can result in sizeable costs to restore the information. In some cases, the data can be invaluable if it was not correctly backed up or stored elsewhere.
In an incident that took place at Washington County Public Schools, 22,000 students lost access to their grades and future class schedules after a small fire damaged servers. The data could not be recovered. An incident like this on a larger scale or at a college would cause much more costly and likely irreparable damage.
RiskWatch for Education
Education risk management can be a complicated process, but RiskWatch software simplifies it for you with automation and workflows. We have ready-to-use content libraries, or you can upload your own custom content. These content libraries address different areas of concern, such as our active shooter library or industrial physical security. Monitor data in real-time on the dashboard to visualize risk and compliance or identify problem areas. Automatic reports include assessment criteria, security gaps, recommendations, and task status.
Start today, for free! No payment information required -just enter your business email address for free access.