Culture / Why cyber security in education is a battle worth fighting for
Why cyber security in education is a battle worth fighting for
18 June 2019
Adrian Jones, CEO at Swivel Secure, explores how schools and universities can start taking the revolutionary steps to protect their institutions from cyber attacks before it's too late.
Cybercrime has been a key focus on the political agenda, ever since the updated National Security Strategy in 2016 and in the process, gained a considerable amount of government investment.
It’s money well spent, with an estimated 33 billion records to be stolen by cybercriminals in 2023 - in particular the education industry, with a reported 1,152 attacks taking place between 2016-17 on Higher Education venues, which is double over the past 2 years.
But it’s no secret that education institutions fall shy of sufficient funding to support their cyber security needs.
The real battle therefore lies with securing funding that is sufficient enough to protect student and staff sensitive information. Despite the updated National Security Strategy, cyber-hygiene has somewhat, slipped off the radar for Government funded schools and higher education institutions.
Unfortunately, this is a problem that cannot simply be swept under the carpet. As a result, the education sector is suffering with an increasing susceptibility to hackers’ malicious activities.
During a technologically-advanced era, where hackers are able to break down university cyber-defences within 2 hours, the education sector stands like a rabbit in the headlights.
Also of interest: Quantum computing: is our education system ready?
Ambushed by a lack of knowledge
It is self evident that every school, college and university is unique, and that this is also reflected in their network architecture, applications and data. With extreme diversity across educational facilities, it is no surprise that each scenario requires a unique approach to protecting unauthorised access.
But with designated budget needed to cover an entire organisation, resources tend to be spread quite thinly, making them more vulnerable to hackers.
In addition, there tends to be a general lack of training and understanding towards cyber security in the education sector. In fact, it has been found that only 3% of students are trained in cyber security, with a further 52% wanting more training for students.
For example, a lack of training could increase the vulnerabilities to the network, where students bring their own devices and casually log into unprotected applications. The physical dangers are just as detrimental and can be as simple as a laptop being left logged-in or passwords written on a post-it note.
Education institutions are often seen as ‘easy targets’ by the typical hacker, with a general lack of staff and student understanding of what’s required to be secure and how to avoid common cyber security traps. Many have become not just an easy target, but a useful one, with highly sensitive data just a few clicks away.
This could include the student’s personal information such as private records; not to mention potentially groundbreaking university research. This type of information can be valuable to cyber criminals for several reasons, whether they plan to sell the information to a third party or use it as a bargaining tool to extort money.
So why is cyber security proving such a struggle for so many schools and higher education facilities? The problem lies with the current association with cyber security. Other than it being complicated and intimidating, students like to disconnect themselves from anything security related and let the IT department solve the problem before it arises, or worse, after a breach.
Also of interest: Cyber security: whose responsibility is it anyway?
Simplicity on the front lines
Simplicity is therefore a great path to consider in an effort to tighten education cyber defences, from both a policy and solution perspective. A cost-effective and simplistic way to protect the safety of your institution and its students is to implement a user-friendly multi-factor authentication (MFA) solution.
Any MFA platform should include extra security steps for users who are logging onto certain areas of the networks applications, this will help prevent unauthorised access.
The platform should be intelligent and dynamic enough to provide the appropriate level of authentication for each scenario i.e. per user, per application. Features such as single sign-on (SSO) can also be implemented during deployment, all helping to increase user efficiency and adoption.
Once staff or students are authenticated, they can access all of their applications without having to reauthenticate. Some consideration needs to be employed to ensure a risk-based solution prevents unauthorised access where required and retain simple, easy to use security for low risk applications.
Another issue could be the limitations on integrating with all of the platforms required at education facilities. Both schools, colleges and universities have an extensive range of applications and platforms to support their on-site and off-site requirements such as eLearning, so due diligence is essential when looking for an MFA solution to ensure it supports all of your applications, both modern cloud and legacy on premise software.
An intuitive platform should also be high on your list of things to look for in an MFA provider. If users can use a platform self-sufficiently, there’s less likely to be a need for administrative support, so education facilities can save on overheads without compromising network security.
These are just some of the cost-effective ways to protect your school, University or College from any form of unauthorised access. With the increasing frequency and potential severity cyberattacks pose to the Education sector, it’s crucial that IT professionals can work to find a solution to challenges such as a lack of funding.
Through the implementation of these intelligent solutions, including risk-based authentication, single sign-on and unified logins, schools and universities can start taking the revolutionary steps to block malicious hacks, providing the safe and protected space it so desperately seeks.