Cyber security in education

When it comes to cyber security, there is no such thing as locking the stable door after the horse has bolted

James Breakell, UK Managing Director of leading library security provider, D-Tech International, looks at the threat of cyber-attacks faced by education facilities and how they can protect themselves 

Here at D-Tech International we design, develop and manufacture high-performance RFID products and library security systems. Our software is installed locally on the self-service units or client’s IT network and whilst we do not provide our own Anti-virus software we would remind our customers to add any new peripherals to their current internet security software. As well as self-service and security solutions, we also provide modular locker systems to store, charge and deploy laptops and other devices.

Whether this is to facilitate a Bring Your Own Device (BYOD) scheme or the loan of establishment-owned laptops raises two different sets of potential IT issues. According to Qihu 360, an anti-virus software firm, more than 4,000 educational organisations were amongst the 30,000 institutions said to have been paralysed by the May 2017 global cyberattack, known as Wanna Decryptor ransomware, or WannaCry. Cyber-attacks and ransomware are certainly hot topics right now, and the following article will look at some of the ways education facilities can mitigate their risk.

The risks to the different sectors of the education industry are likely to be increased in line with the range and level of education the establishment provides. In short, a small village primary school is less likely to fall foul of a ransomware attack than a multi-campus university. But no establishment is immune, and it only takes the careless opening of a malicious email attachment, for everything to go horribly wrong.

First things first

When it comes to cyber security, there is no such thing as locking the stable door after the horse has bolted. Cyber criminals are always looking for ways to extort money or create disorder, and there are an alarming number of extremely creative and clever hackers working around the clock to access data illegally or create malware. That is why it is imperative for every organisation to review their protection and contingency planning regularly. If you don’t have sufficient expertise in-house, then out-source, because the cost to reputation alone, if sensitive data is accessed or stolen, will make that investment viable.

What is Ransomware?

Ransomware locks or encrypts computer files, making them inaccessible to users. Ransomware can enter your system through a range of media including emails, email and social media links, and unsafe websites. It will either encrypt your files or lock your screen and will require payment of a ransom before giving you back access to your files and system.  Ransomware hackers usually demand payments in Bitcoin, the anonymous digital currency, but there is no guarantee that they will remove the ransomware once paid.

 So, what can you do to protect yourself?

  • Check your anti-virus and anti-malware software and systems are up to scratch and make sure you install updates when they become available. Check what systems are connected to or accessible from the internet. If they don’t need to be, then disconnect them.
  • Make sure you back up your data regularly, that way you can restore to a ransomware-free system.
  • Train ALL your staff, make sure they understand how easy it is to upload a virus or malware inadvertently, and that it is an issue that affects the whole organisation, not just IT. 

The BYOD argument

Your finance department may be jumping for joy if you adopt a BYOD scheme at your establishment, but it could prove to be a false economy unless it is managed carefully. The advantages are obvious: users are more familiar with their own devices, so no time is wasted learning how to use them; resources can be diverted from technology procurement; students are more likely to continue their studies after hours; engagement can be enhanced. The disadvantages can be far-reaching and catastrophic. Your wireless network may need attention; your IT department will need to keep on top of the challenges BYOD creates; not all students may be in possession of their own device, so an alternative solution needs to be available if the use of a computer is a curriculum delivery requirement. BYOD presents a lack of control for IT security and maintenance. 

The BYOD Solution

If BYOD is the way forward for your organisation, then it is paramount to put a strategy in place to manage it effectively. A BYOD policy is a must-have and make sure all the relevant stakeholders have an input into its creation. Look at accessibility, integration, implementation and security. Security includes network security; ensure your students can only gain access to the data they need; and device security; where will they store and charge their devices when not in use? 

In summary

The impact on your reputation, your operations and your financial resources from a successful cyber-attack can be far-reaching and longstanding. From data loss to extensive downtime, your IT department carries a heavy weight of responsibility on its shoulders. Make sure it is supported and empowered to test its security measures regularly. A collaborative approach is essential to ensure disaster recovery plans are up-to-date and achievable. Don’t restrict training and testing to desk-top exercises; hold impromptu testing of procedures. Cyber-security is not an area to scrimp on, however tight your budgets are, but one of the cheapest and often most effective ways of protecting yourself is to educate; and nobody is better placed to do that than you.