The education sector is an increasingly popular target for hackers due to the sheer volume of rich personal and research-based data open to attack.
Technology has a dramatic impact on the way people live and learn, putting relentless pressure on institutions to remain agile, accessible and secure. This becomes particularly important against a shifting backdrop of student hyper-connectivity, multi-purposing BYOD, and large-scale collaborative data sharing.
British university cyber security breaches have doubled in the past two years hitting 1,152 in 2016-17, according to new figures obtained by The Times. DDoS attacks are also rampant, taking out systems as well as online courses and exams. A recent and indicative attack tactic even saw cyber criminals posing as the Department of Education before unleashing ransomware mayhem.
>See also: Is cyber security education a waste?
Today’s bad actors are no dunces and have an almost limitless capacity for classroom disruption. Switched on institutions already know there is plenty of homework due to regain full classroom and network control.
Ensure privacy by design
Educators need to rethink their cyber security strategies to embrace the notion of ‘privacy by design’, ensuring that operating systems, browser software and apps are up to date and designed to safeguard against the latest threats.
>See also: The growing cyber security threat to the UK education sector
IT teams must evaluate where data is stored and ensure networks are built with security at the heart and that every connected device has the highest level of protection. Automatic device and system updates are crucial, as are constant virus scans. Setting a minimum-security requirement, as well as educating students and staff on safe password etiquette, should also be mandatory.
Always backup and encrypt
Don’t wait until it is too late. More than ever, it is important to regularly initiate data back-ups using both physical and cloud-based storage. Advanced perimeter protection is all well and good, but there is often a failure to adequately secure vital data that sits within applications. Encryption is vital if a device is lost, stolen, or if a hacker breaks into a system to hold data for ransom.
Teach students how to be safe
Children may be more connected than previous generations, but they don’t necessarily have the knowledge to stay safe. Educators have a big responsibility here. Robust awareness-raising programmes should be in place to drive best practice from the outset, including exploring the meaning and nuances of online privacy and security, discussing which types of information should remain private, and what to do if misuse is suspected.
>See also: Upskilling, the forgotten solution to the cyber security gap
Any cyber-education programme must keep pace with student needs. Every step in the development stage brings elevated threat levels as a wider range of devices and networks enter the mix.
Students aren’t the only ones under fire. Teachers also need continual training if they are to effectively practice what they preach. Key focus areas should include safe password usage, particularly avoiding login duplication across multiple sites like school systems and social media sites. Clear and continually updated policies should be in place to comprehensively detail post-breach response duties.
Continue to educate staff on best practice
Technology is already bringing unprecedented benefits to educators and students alike, and a collective responsibility is needed to ensure the march of progress stays firmly on track. Substantive, sustainable cyber security achievement is an ongoing process. It requires constant focus and is a subject nobody can afford to fail.
Sourced by Vincent Lavergne, Systems Engineering director, F5 Networks