For students across the country, the turbulence of the pandemic has been a continuous source of uncertainty as schools, colleges and universities were forced to close their doors under lockdown. We’ve seen home-schooling and virtual classes replace physical contact hours, while the university ambitions of thousands rested on the decision of an algorithm until a last minute U-turn. Video meetings and collaboration platforms have been a lifeline for students over the past year, but educational institutions have been unable to escape a rising cyber-threat landscape.
With a single data breach costing £3.1 million on average, a successful ransomware attack could have severe financial and reputational repercussions. The recent disruption to term times has meant it’s more important than ever to ensure learning environments are just as productive in the virtual world as they are in a physical classroom. As breaches continue to take place, IT leaders at educational institutions must understand the nature of the threat and take action to secure their data.
Understanding the threat
The education sector is facing a wave of cybercrime as hackers look to harvest sensitive data for financial gain. In the past few months alone, the universities of Portsmouth, Northampton and Hertfordshire have all fallen victim to separate attacks forcing them to close campuses and cancel lessons. What’s more, recent government findings revealed that more than a quarter (26%) of further education colleges experienced at least one breach or ransomware attack per week last year.
“The education sector is facing a wave of cybercrime as hackers look to harvest sensitive data for financial gain”
The impact of these attacks can be considerable, with a third of institutions having experienced a loss of control, money or data as a result. Not only this, but cyber-attacks are a severe drain on resources, owing to the significant amount of recovery time needed to re-enable critical services. Recent incidents affecting the sector, for example, have led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing. Clearly, the consequences of these attacks could be severe not only for the establishments that fall victim, but for any students and faculty affected.
Avoidable mistakes are fuelling the risk
All too often, the origin of a breach can be traced back to simple slip-ups in online security posture. Over the past year, we’ve seen a rise in phishing emails where recipients are encouraged to open malicious files or links containing ransomware. Here, it’s up to the CIOs, CISOs and IT teams at educational institutions to provide students and staff with guidance around the tell-tale signs that constitute a likely breach attempt.
With the National Cyber Security Centre (NCSC) recently revealing millions were using their pets’ names as their password, it will come as little surprise that hackers are also regularly exploiting weak passwords. Personal information like this is often readily available on social media, where cybercriminals can find the details most commonly used in passwords and employ trial and error techniques to gain access to a user’s account.
Elsewhere, IT teams continue to be plagued by simple, yet avoidable security mistakes like password reuse. Our recent research revealed the average person uses the same password across four accounts in their personal and academic lives – while we’ve all grown accustomed to hearing news of data breaches, people fail to understand how easily their details could end up for sale on the dark web. This level of complacency not only puts the guilty offender’s details at risk, but could also have knock-on effects to others whose details are stored on exposed databases.
Creating a secure learning environment for all
The human element is often the weakest link in the security chain. With one in two people (52%) admitting they’d forget their passwords if they weren’t written down, IT teams can’t afford to let manual password management put sensitive data at risk. However, technologies exist to help users reduce password friction and limit the chances of student and faculty records falling into the wrong hands.
Removing the need to make a note of passwords, enterprise password managers can store an unlimited number of credentials in an encrypted, secure vault. In addition, secure password sharing capabilities improve departmental collaboration to better manage changing passwords and access when a new member of staff is hired or if one leaves. From there, single sign on (SSO) and multi-factor authentication (MFA) provide added layers of security.
Online security risks have risen substantially during the pandemic, and it’s become more important than ever for IT teams to be in control every step of the way. By providing greater visibility into campus-wide security hygiene, password management solutions help to bring peace of mind to overburdened IT teams that their institution’s data remains secure. With recent attacks leading to outages of critical learning resources and cancelled classes, a productive learning environment is now more reliant on solid cybersecurity defences than ever before. IT teams, students and faculty must therefore work together to improve security awareness and secure the next cohort of virtual learners.
You might also like: Virtual presenteeism isn’t just bad for staff, it’s bad for business