Education Today Education Today Magazine
Comment by OLI VENN, SE Manager, Northern Europe at WatchGuard Technologies
It seems like almost every time you read the news, there’s a piece regarding another cyberattack on a school or educational institution.
Schools and educational institutions can make for easy targets for malicious hackers for several reasons. The cybersecurity threat to the UK education sector is considered significant and growing. The sector is increasingly reliant on digital technologies for teaching, learning and administration, exacerbated by the need for rapid pivoting to new technologies in recent years due to the pandemic.
Several factors contribute to heightened cyber risk in this sector:
Valuable data
Educational institutions hold large amounts of sensitive data, including personal information about students and staff, research data and financial records, making them attractive targets for cybercriminals.
Resource constraints
Especially in primary and secondary education, there are often limited budgets and a lack of in-house expertise dedicated to cybersecurity, making these institutions more vulnerable to attacks.
Increased attack surface
The widespread adoption of online learning platforms, digital tools and remote access technologies, accelerated by the COVID-19 pandemic, has expanded the attack surface and introduced new vulnerabilities.
Ransomware threats
Education establishments have become notable targets for ransomware attacks, with attackers betting on the urgency and pressure these institutions face to restore access to educational materials and operational data. The sector faces special pressure as there is the implicit and explicit agreement and expectations that our children will be kept safe – and that safety must extend to online and digital environments. Our aim should be to protect sensitive information and systems – but also ensure the continuity of educational services in the face of growing cyber threats.
Improve defences
The education sector can rapidly enhance its cyber defences through a multi-layered approach, focusing on immediate improvements and setting the groundwork for long-term resilience. You should conduct an urgent cybersecurity assessment to identify vulnerabilities in the school’s network and systems. When choosing who might conduct a cybersecurity assessment, consider the complexity of the network, sensitivity of the data held and potential impact of cybersecurity threats. Regardless of who conducts the assessment, it should be thorough, cover all aspects of cybersecurity (including policies, practices, and technical defences), and result in actionable recommendations. You have a range of possibilities here, from your in-house IT team to external cybersecurity consultants, specialised cybersecurity auditors, technology vendors, government or educational organisations or peer networks.
Update and patch systems
Too often, we hear hackers gained entry to a network simply because of an unpatched vulnerability. Outdated software and IT appliances that don’t get the necessary patching, upgrades and maintenance can be a source of vulnerabilities. Ensure all your network software and systems are up to date with the latest security patches.
Secure configuration
Apply secure configurations to all devices and networks. This includes disabling unnecessary services, protecting sensitive data and ensuring proper access controls are in place.
Multi-Factor Authentication (MFA)
Implement MFA wherever possible, especially for accessing important systems and information. This adds an extra layer of security beyond just passwords, such as a physical token or key. Look for a solution with optimal user experience that makes it easy to enable authentication.
Firewalls and endpoint security
Installing robust firewalls protects your network perimeter. Adding Web Blockers with URL Filtering blocks web-based malware, helps ensure secure remote connectivity, and provides tight control over web surfing. Ensure all devices are protected with up-to-date antivirus software and consider adding EDR capabilities for continuous monitoring that prevents the execution of unknown processes.
Implement strong and secure Wi-Fi
Wi-Fi in educational institutions is often critical to enable learning and teaching duties. To deliver secure Internet access, focus on private networks and access points that can handle density without risks. Consider Cloud-managed Wi-Fi solutions for optimised performance, greater visibility, and reporting.
Backup and recovery plans
Regularly back up data and systems, and ensure these backups are stored securely off-site. Develop a comprehensive disaster recovery plan that includes procedures for restoring data and systems in the event of cyberattack.
Cybersecurity frameworks
Adopt recognised cybersecurity frameworks and standards, such as those from the NCSC. These provide helpful best practices and guidelines for improving cybersecurity posture.
Collaborate
Participate in information sharing and collaboration platforms, such as regional and sector-specific cybersecurity groups. These can provide valuable insights into emerging threats and best practices.
Professional support
Consider hiring a cybersecurity firm or consultant to provide expert advice and support. They can help in assessing vulnerabilities, enhancing defences and training staff.
Awareness training
It’s well noted that many attacks occur because of vulnerabilities in the ‘wetware’ – us humans. Sophisticated attackers know how to use malicious email techniques, for example, to get passwords and sensitive information from oblivious team members, who are frequently coerced into divulging information without realising what’s happening. Implement regular cybersecurity awareness training for all staff and students, focusing on the importance of strong passwords, recognising phishing attempts, and safe internet practices. Educate teachers, employees and administrators about social engineering attacks to limit risk. Key security awareness education should include:
• Detecting phishing attempts
• Using email security best practices
• Avoiding weak or exposed passwords
• Reporting incidents to the IT department
Incident response planning
Develop and test an incident response plan that outlines the roles, responsibilities and procedures for responding to a cyber incident. This should include communication strategies both internally and with external stakeholders. If your school or institution has been breached, report it to the appropriate authority, such as Action Fraud, the National Cyber Security Centre (NCSC), Information Commissioner’s Office (ICO) or Local Authority. Bringing issues to public officials’ attention can create additional opportunities to deliver greater funding or resources, helping educational institutions receive the support they need to optimise cybersecurity.
Adopting a unified approach to cybersecurity
Managing the IT systems for any educational institution is no small endeavour. The education sector needs security solutions that empower educators to deliver an inclusive learning experience. Access control, asset protection, identity security, and securing endpoints are only a few of the solutions required to enable a reliable learning environment. Disconnected security is no longer an option in the sophisticated threat landscape of 2024. Educational institutions need to adopt a unified and simplified approach to security.
To find out more, please visit:
www.watchguard.com
