Data breaches don’t just hit big box stores like Target and Home Depot. Increasingly, colleges and universities are attacked by cyber threats, putting potentially millions of students and administrators at risk.

According to Verizon’s 2016 Data Breach Investigations Report, the education sector ranked sixth overall in the country for the total number of reported “security incidents” last year.

American universities face huge cybersecurity challenges. Schools must take critical steps to get up to speed.

Schools = data. And hackers love data.

One source cited by the Huffington Post described the education sector, particularly at the college and university level, as a “virtual buffet of valuable data.”

Schools have what hackers want and in massive volumes. Think personal information like Social Security numbers, birth dates, financial profiles, medical records — not to mention innovative research in science and engineering.

The breadth of data makes them attractive to a wide range of cyber thieves — from organized crime to state-backed hackers and even hacktivists.

Hackers love the sick spots.

School health facilities are a top target since medical records equal mega cash on the dark web. According to CNBC, the value of these records is worth up to 60 percent more than swiped credit card numbers. Healthcare breaches are just too tempting for thieves.

Finding cybersecurity dollars isn’t easy.  

Schools have an uphill (but not insurmountable) climb against cybersecurity. One of the most pressing issues is budgets. Jumpstarting a modern cybersecurity program is pricey — not just to get it set up, but also to maintain it. As a point of reference, Rutgers University spent between $2-3 million in one year.

With budgets already tight, finding the dollars to support university cybersecurity improvements isn’t easy. Raising fees, taxes or tuition rates are rarely popular options.

Big schools mean big security woes.

Hackers target colleges and universities because of the sheer volume of data they can potentially steal. University networks are large and sprawling and house many varieties of sensitive data. Eliminating weak points in the network is not an easy undertaking, especially for an IT department without sufficient training in cybersecurity.

Colleges are also extremely accessible, which can be problematic when it comes to security. The networks and data need to be able to be accessed by a number of people — from students to instructors and administrators. So while this accessibility is key to keeping a school running smoothly, it makes it easier for thieves to steal data.

Also read: Are You Cramming To Create A Cyber Secure Campus? >>

What can be done to protect colleges and schools in general? According to EdSurge, there are three critical steps:

Secure everything.

We are tethered — albeit wirelessly — to our mobile devices. But it’s imperative schools don’t give hackers unfettered access to data by not securing every smartphone, tablet and PC.

Encrypt everything.

By encrypting data, you keep it from ending up in the wrong hands. While many educational facilities have strong firewalls, not many take the next steps to protect data at rest. Every bit of data housed on a disk should be encrypted.

Educate everyone.

Experts also suggest educating staff and students about cyber crime — what is is, how criminals steal data, and what it means for all of us in this ever-increasingly digital world.

A partner of Fortinet, ResilientIQ offers the services, technology and higher education network security experience to put your cybersecurity on course.