fbpx
0
protect data in the education sector

Protecting your data in the new school year

August is in full swing and going back to school preparations are just around the corner. Attacks are increasing across the education sector, it is more paramount than ever to increase cyber-security and protect important data heading into the new school year.

Author: Shannon Dority, Marketing Manager iStorage

Cyber challenges facing education

From personal data - such as names, addresses, financial information, credentials, visas and passports – to intellectual property, – such as groundbreaking and cutting-edge research - the plethora of valuable data educational institutions hold makes them a prime target for cybercriminals. In addition, many institutions lack adequate security measures, with lack of budget and training sited as the root cause. At the same time, further and higher education IT security teams face further challenges around different departments often utilising their own individual software, alongside relaxed internal systems intended for easy document sharing. These factors leave the sector increasingly vulnerable to cybercriminals who could cause a very significant disruption to an institution’s operations. It could even lead to the extreme case of permanent closure, which was seen with Lincoln College in Illinois when a ransomware attack led to its May 2022 closure.

Graham Harrison, Group IT Director for Lincoln College commented in the aftermath of the breach:

“Accreditation, certification and audits are no guarantee of defence against sophisticated, professional cyber-attacks. Because of the number of cyber-attacks against the sector and nationally, insurers are setting tighter criteria. This will lead to better cyber-security, but often requires significant investment. It is exactly the same with Cyber Essentials accreditation; it helps but won't guarantee safety.”

“I've concluded that further education (FE) colleges probably ought to be investing about a half to one percent of turnover on cyber security and ring-fencing that budget to ensure critical measures are implemented. Affordability is a constant consideration in FE, but as we discovered on that November night, the financial and human costs of dealing with a cyber-attack can far outweigh the cost of building a robust cyber security capability to keep staff and students as safe as possible.”

As the new school year gets underway, it is important for everyone across the sector to make it a top priority to increase cyber-security and protect important data. This not only includes administrative staff to protect the integrity of their institution, but also for students, professors/teachers and researchers to protect their work from being lost, stolen or corrupted from external networks. Having in place preventative measures to prevent an attack is the first line of defence, however it is essential to have a preparation plan in place that runs alongside in the event a successful breach and attack occurs.

How to Increase Cyber-Security in Education

With the beginning of the school year approaching, here are some tips and tools to help you best protect that valuable information.

Practice good digital or cyber hygiene.

This can involve steps like regularly updating your passwords, creating strong complex passwords, Using multi-factor authentication, making regular system and security updates, deleting unused software, and optimising regular penetration testing, amongst various others. While these seem like tedious tasks to do on a regular basis, they will benefit you in the long run. The data and information you hold is only as safe as your strongest wall of armour, so proactive steps to protect your devices from potential attackers is paramount.

Stay vigilant on the signs of a potential threat.

Phishing is still the most prevalent attack method within the sector, the rise of AI and new technologies have opened the doors for cybercriminals to get more sophisticated and creative on how they breach your systems. Phishing is no longer subjective to email anymore, with newer forms such as Smishing (SMS), Vishing (voice) and Quishing (OR Codes) have been on the rise in recent years. Cybersecurity awareness training is important not just for staff and administrators, but for students who connect their devices and use institutional servers. General rule of thumb, if it looks suspicious or you do not recognise the sender, do not click on the link provided!

Create a two-part plan.

This goes for both preventative and preparation plans. Keep your security systems up to date and know how your data is stored. While you can have every firewall in existence in place, it only takes one small crack for a cybercriminal to break in and create havoc. In this case, know what preparations you have in place to ensure your valuable data and information is not only protected, but can be recovered to reduce severe disruption across the institution.

Most importantly, BACK UP YOUR DATA AND FILES!

Make this a regular, if not a daily habit no matter your position within the education sector (students and researchers included). Ensuring you have multiple encrypted backups of your data and important files is an important safeguard in the event of a cyberattack, helping to save time and money in regaining access to critical information. While cloud backup services can be an option for this, it is important to note that even cloud servers can be impacted by leaks and cybercriminals (ie Apple iCloud celebrity photo leak). Using a hardware encryption module to encrypt data stored in the cloud and/or an offline encrypted backup is an important option to include in your data hygiene practices, as it can provide that extra level of reassurance and security. Taking that critical extra step, in protecting your data by storing it offline in an encrypted flash drive or portable HDD/SSD, out of the hands of criminals, can act as an essentially unbreakable safe and can make the world of difference when you need to restore your data following a cyber or ransomware attack.

You may also be interested in