Education institutions need to make cybersecurity a priority. Despite the sector facing major challenges such as a lack of staffing and a lack of funding and resources, cyberattacks are no less frequent or less severe in education. In fact, they seem to be gaining ground in prevalence year on year as instances of breaches in schools and higher education are widely reported.
The challenges Education is facing
The JISC report also investigates the challenges facing IT professionals when it comes to protecting Education networks. When asked to rate how well their institution is protected on a scale from 1 (not at all) to 10 (very well), further education scored lower overall than higher education. The mean score for further education institutions was 5.9, while higher education scored 7.1.
The rationale behind lower scores included:
- A lack of resources and budget – potentially pointing to the lack of finances to invest in cybersecurity, be it software or staff.
- Cultural issues – a ‘Bring Your Own Device’ culture is common in Educational institutions and can present difficulties in securing the wider network, particularly with IT staff already facing stretched resources.
- An absence of policy – setting out policies for using the network and making sure they’re adhered to can be difficult in large institutions with a dynamic user population.
Despite these challenges, the Education sector is still expected to secure its networks against unauthorized access and cyber threats. Especially when the repercussions can be as severe as the examples we discussed earlier.
But there are some critical steps every institution should undertake to lay the foundations for a secure IT network.
How Education is targeted
JISC’s 2018 Cybersecurity Posture Survey questioned IT professionals within further and higher education. They were asked to name the top cyber threats facing their institutions, and the top three answers give us insight into the most common ways Education networks are breached.
Phishing – Phishing scams often take the form of an email or instant message and are designed to trick the user into trusting the source in a fraudulent attempt to access their credentials – whether that’s sensitive student data or confidential research.
This type of attack is highlighted as the top threat facing higher education venues, suggesting hackers regularly target the sector using the method.
Ransomware/Malware – Also in the top three cyber threats highlighted by the report, ransomware and malware attacks prevent users from accessing the network or files and cause disruption. More advanced forms of this threat can see attackers hold files for ransom.
Ransomware or malware typically infects devices using a trojan, a file or attachment disguised to look legitimate. However, some ransomware (like the WannaCry attack) has been shown to travel between devices without user interaction.
Lack of awareness – The third threat listed by professionals in both further and higher education is a lack of awareness or accidents. This could be on the part of staff or students who aren’t sufficiently trained to practice good cyber hygiene or accidentally compromise the network.
Despite taking on different appearances, human error plays a key part in each of these three Education sector cybersecurity threats. However, with better overall cybersecurity training, and awareness of the motives and methods of attackers, education venues could better protect themselves against cyberattacks.
Top tips for securing your Education IT network
With the challenges of poor funding and a lack of resources, the Education sector should focus its efforts on minimizing the risk of a cyberattack, rather than a reactive attitude after one has happened.
Providing basic training for all users of your network is one way to mitigate the effects of a lack of funding and resource.
This can be something as simple as sharing a handbook with staff and students including information about what to look out for, and tips for practicing good cybersecurity hygiene. Giving people the necessary information to protect the network at all access points, could reduce the number of incidents caused by human error.
Another cost-effective way to protect the safety of your institution and its students is to implement a user-friendly multi-factor authentication (MFA) tool.
Including that extra security step for users who are logging onto the network will help prevent unauthorized access. An easy-to-use platform should be high on your list of things to look for in an MFA provider.
If users can use a platform self-sufficiently, there’s less likely to be a need for administrative support, so education facilities can save on overheads without compromising network security.
These are just some of the cost-effective ways to protect your School, University, or College from any form of unauthorized access. With the increasing frequency and potential severity of cyberattacks posed to the Education sector, it’s crucial that IT professionals can work to find a solution to challenges like a lack of funding.