The coronavirus pandemic has caused unprecedented disruption across a wide range of industries, but nowhere more so than the education sector. With a significant number of educational institutions ill-prepared for, and inexperienced in, remote working practices, they’ve quickly become a target for criminals and hackers looking to infiltrate their networks and steal the wealth of sensitive personal data contained within them. To combat this, institutions must ensure they’re doing their utmost to follow IT security best practice where possible.
Conduct regular cybersecurity training for all faculty members
It’s much easier to spot an attempted cyber-attack if you know what to look for, which is why regular cybersecurity training is essential. Many cyber-attacks begin with social engineering and/or phishing emails, and with the volume of email traffic between teachers and students exponentially higher at the moment, it could be much easier for someone to carelessly click on a compromised link or attachment.
Ensure all staff are using unique passwords for each online account
Re-using the same old passwords/credentials across different accounts is always a major security risk. Should an attacker manage to get hold of one set of credentials (e.g. a teacher’s Zoom login), they’ll quickly attempt to use them to access multiple other accounts (such as cloud storage drives, Windows credentials, etc.), which can lead to a more serious breach that’s much harder to contain. Thankfully, a small change in staff behaviour, combined with regular password expiry protocols, can quickly mitigate this threat.
Ensure operating systems and software are kept up to date on all IT equipment
Operating system and software updates are not only important from a functionality standpoint, they also contain critical security updates that patch vulnerabilities. Where possible, enable automatic software updates to streamline the process and ensure you (and your staff) are always up to date.
Leaving devices unpatched is a major gap in any organisation’s security posture and should be avoided at all costs.
Consider utilising data protection software on faculty IT devices
Despite its widespread popularity and usage, traditional antivirus software offers only baseline protection against well-known malware. This is simply not enough to stop many attackers, who use more sophisticated methods to penetrate systems and steal sensitive data. For more comprehensive protection, consider using data protection software that resides at the kernel level of endpoint devices and provides full visibility of all data being accessed and transmitted. The software should be able to fully lock down confidential data, both structured and unstructured, and place enforcement policies on it to completely prevent it being removed from the IT environment it resides in without permission.
Keep an eye out for suspicious user activity
Monitoring user behaviour for suspicious activity is one of the quickest ways to detect a security breach before it causes major damage. If suspicious activity is identified, all parties involved should be notified immediately. Even with other forms of data protection in place, vigilant monitoring is still often the fastest way to identify a compromised account.
The ongoing pandemic has forced many organisations across the education sector to completely change their way of working, switching from traditional classroom-based learning to e-learning almost overnight. Doing so has left many of them exposed to a wide range of cyber-attacks from both internal and external threats, putting sensitive data at risk. Fortunately, by following the best practice tips laid out in this article, many of the threats can be minimised, allowing teachers to get on with doing what they do best – educating and inspiring their students.