Verizon is out with their latest (2019) Data Breach Investigations Report (DBIR) today (note: registration wall). While their definitions of the ‘education’ sector (“educational services”) make common-sense interpretations of the findings for U.S. public K-12 schools problematic (if not impossible, as I discuss here), the trends over time are enlightening.

Nonetheless, this analysis and advice from the report authors rings true to me:

“Many of the breaches that are represented in this industry are a result of poor security hygiene and a lack of attention to detail. Clean up human error to the best extent possible – then establish a baseline level of security around internet-facing assets like web servers. And in 2019, 2FA on those servers is baseline security.”

Multi-factor/2FA authentication has a long-way to go in terms of its penetration in the K-12 sector to date. Here’s hoping that the 2020 DBIR report will show evidence of greater adoption.