The education sector is an increasingly popular target for hackers due to the sheer volume of rich personal and research-based data open to attack.
Technology has a dramatic impact on the way we live and learn, putting relentless pressure on institutions to remain agile, accessible and secure. This becomes particularly important against a shifting backdrop of student hyper-connectivity, multi-purposing BYOD, and large-scale collaborative data sharing.
British university cybersecurity breaches have doubled in the past two years hitting 1,152 in 2016-17, according to new figures obtained by The Times. DDoS attacks are also rampant, taking out systems as well as online courses and exams. A recent and indicative attack tactic even saw cybercriminals posing as the Department of Education before unleashing ransomware mayhem.
Today’s bad actors are no dunces and have an almost limitless capacity for classroom disruption. Switched on institutions already know there is plenty of homework due to regain full classroom and network control.
Ensure privacy by design
Educators need to rethink their cybersecurity strategies to embrace the notion of ‘privacy by design’, ensuring that operating systems, browser software and apps are up to date and designed to safeguard against the latest threats.
IT teams must evaluate where data is stored and ensure networks are built with security at the heart and that every connected device has the highest level of protection. Automatic device and system updates are crucial, as are constant virus scans. Setting a minimum-security requirement, as well as educating students and staff on safe password etiquette, should also be mandatory.
Always back-up and encrypt
Don’t wait until it is too late. More than ever, it is important to regularly initiate data back-ups using both physical and cloud-based storage. Advanced perimeter protection is all well and good, but there is often a failure to adequately secure vital data that sits within applications. Encryption is vital if a device is lost, stolen, or if a hacker breaks into a system to hold data for ransom.
Teach students how to be safe
Children may be more connected than previous generations, but they don’t necessarily have the knowledge to stay safe. Educators have a big responsibility here. Robust awareness-raising programmes should be in place to drive best practice from the outset, including exploring the meaning and nuances of online privacy and security, discussing which types of information should remain private, and what to do if misuse is suspected. Any cyber-education programme must keep pace with student needs. Every step in the development stage brings elevated threat levels as a wider range of devices and networks enter the mix.
Students aren’t the only ones under fire. Teachers also need continual training if they are to effectively practice what they preach. Key focus areas should include safe password usage, particularly avoiding login duplication across multiple sites like school systems and social media sites. Clear and continually updated policies should be in place to comprehensively detail post-breach response duties.
Continue to educate staff on best practice
Technology is already bringing unprecedented benefits to educators and students alike. It is our collective responsibility to ensure the march of progress stays firmly on track. Substantive, sustainable cybersecurity achievement is an ongoing process. It requires constant focus and is a subject nobody can afford to fail.
[su_box title=”About Vincent Lavergne” style=”noise” box_color=”#336588″][short_info id=’104187′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.