Improving cybersecurity in education systems

cybersecurity
(Image credit: Pixabay)
About the author

Nick Walter is the Head of Commercial and Education at Acer.

Cybersecurity is one of the fastest growing industries in the world. We already know that businesses, organisations, and government entities must follow certain guidelines in order to protect sensitive information. However, the education sector equally possesses important assets of data to protect. According to the report sponsored by VMware, cyber-attacks on UK universities presents an increasing risk to national security. This clearly indicates that the education sector must begin addressing any risks posed from cyber-hacks with immediate action for overall security

How is the education sector under threat?

Over the recent years, the education sector has become more susceptible to cyber hacks due to the following motives:

  • Financial gain – A motive for hackers carrying out an attack on an education institution is often for financial gain. With Universities & Colleges handling a large number of student fees, they’re a prime target for cybercriminals;
  • Data theft – All institutions hold student and staff data, including sensitive details like names and addresses. This type of information can be valuable to cyber criminals who could potentially exploit the information to a third party.

Why are cyber hacks becoming so common within the education sector?

As seen above, schools have become vulnerable to hacks due to sensitive data and financial gains. However, the attacks have now become so common and often successful to the detriment  of the industry; let’s look at a few key reasons:

  • A lack of resources– potentially the lack of budget to invest in cybersecurity, be it security software or staff;
  • Cultural issues – a ‘Bring Your Own Device’ culture is common in educational institutions and can present difficulties in securing the wider network, particularly with IT staff already facing stretched resources, without a suitable MDM solution;
  • An absence of policy – setting out policies for using the network and making sure they’re adhered to can be difficult in large institutions with a dynamic user population.

How can the education sector take measures towards cybersecurity?

As mentioned, the cyber security related risks from technological devices remains a primary concern for the education sector. Therefore, we have devised a few top tips recommended to follow so that data remains secure and safe across the system: 

  • Password protection on laptops and other devices. 

People forget to secure their password safely and securely, loosely sharing information amongst peers and other staff members. Therefore, one of the first basic yet most effective cybersecurity practices is to secure and protect passwords. 

The best practices to secure passwords includes using a mix of characters, not re-using university provided passwords, changing annually, and never sharing your password.

Most data breaches are the result of human error. A strong school network security regimen holds no great significance if students and staff don’t understand how to mitigate risk. Therefore, introduce cybersecurity training for all staff and students who regularly make use of technology on school grounds. Such training may include:

  • How to identify safe and unsafe sites
  • Spotting phishing attempts or other scams
  • Using antiviruses, malware or another frontline defence

By investing time and expenses in the actual training the mitigation strategy in place will be twice as more effective; if a risk does develop it will be more likely to receive an early detection and do-little damage once addressed. 

  • Place clear policies and more importantly ensure everyone follows it

The more you know where your vulnerabilities are, the better prepared you can be to prevent against them. If you already have cybersecurity policies in place, a formal audit can help you validate whether your university is enforcing the policies that were set. 

Audits are typically performed by third-parties. If you don’t have clear cybersecurity policies in place, an assessment of your technology infrastructure, organisational policies, and user-training can give you the full picture of where your biggest risks lie.

Importance of Cybersecurity within Education

It is apparent that today no sector is immune from the threat of a cyberattack and this sadly includes schools and universities. The voluminous data these institutions hold as well as the increasing number of connected devices makes this sector a vulnerable domain for cyber-hacking. 

Given the complexity of networks today, and of the threats to their security, traditional anti-virus solutions are also no longer enough. Therefore, manually following the above best practices ensures you are covered as a vicinity from all areas. Cyber security is no longer considered just an IT issue but is holistically approached throughout the organisation and hence should be treated as a collaborative effort to mitigate.

 

Nick Walter is the Head of Commercial and Education at Acer.