Vertical Markets

Growing data security threat to sector

by Mark Rowe

In recent years, it has become evident that no industry is exempt from cyber security threats. This is no different for the education sector. The industry is in the middle of a shift to e-learning and remote studying, meaning the risk of attack is only going to increase in years to come. In fact, Microsoft Security Intelligence found that 60pc of nearly eight million cyber attacks reported this year came from devices within the education sector, demonstrating the troubling state of cyber security in this space, writes Alan Hayward, pictured, Sales and Marketing Manager at SEH Technology.

With tight budgets being an ongoing struggle for the education sector, IT infrastructure is often an afterthought. This means that hardware and software can be outdated and easily hacked by cyber criminals. Cyber hackers are always on the hunt for opportunities to exploit valuable data, and having up-to-date hardware and software makes it more difficult for hackers to access the data.

Many educational institutions also allow students and staff to connect to the school network from their personal devices on-premise and at home. This can open up opportunities for cyber criminals to breach the network, track internet traffic and potentially collect confidential data. These personal devices may lack the same level of security tools built into those on-site, such as antivirus software, customised firewalls or automatic online backup tools. As a result, this can increase the risk of malware finding its way onto devices, leading to information or data leaks.

With that in mind, the biggest risk to the education sector relates to business continuity after theft of data or damage to a network. This will have an immediate impact on facilities and will prevent it from going about its teaching. However, information may also be stolen, without the owner’s knowledge, with eventual costs not being realised until a later date.

The sheer amount of data that education facilities hold, in addition to the increasing number of connected devices, makes this sector a vulnerable domain for cyber hacking. Given the complexity of networks, traditional antivirus and firewall solutions are no longer sufficient. Educators can look to introduce Virtual Private Networks (VPNs). This will allow students and staff to access IT resources securely, including email or file services. VPNs create an encrypted network connection that authenticates the user or devices, and secures data in transit between the user and the education facilities’ services.

USB dongles are hugely popular in the education sector and will often contain huge amounts of valuable or sensitive data. They can also easily be misplaced and when inserted into a school’s IT system, malware can be introduced. These dongles may be openly shared amongst students or staff, making it more difficult to track what they contain, where they’ve been, and who has used them. Dongle servers are a popular alternative as they allow USB dongles to become available over a network. This means copy-protected software can be used as normal, but users don’t need to connect the license dongles directly to their client, minimising the risk of data breaches and attacks on the network.

Many data breaches are a result of human error. Therefore, it is vital to introduce cyber security training for staff and students to ensure that they understand how to mitigate the risks. They should also be trained on the use of their devices in both on-site and remote scenarios. This will include secure storage and management of user credentials or passwords and how to report a cybersecurity incident, as well as building an awareness of the risks and the ways that they can be prevented.

Cyber security is no longer considered just an IT issue but one that should be approached collaboratively throughout the education sector. Even though budgets remain tight, there are a number of measures that can be taken within the education sector to help prevent unauthorised access to the network. This includes introducing Virtual Private Networks, utilising dongle servers and training students or staff in best practices. The resulting cybersecurity policy should determine the processes that need to be put in place to minimise the risk of attacks and be shared amongst all stakeholders within the education facility.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing