Education Should Focus On Cyber Security

Uploaded on 2021-12-20 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

The shift towards online learning, accelerated by the Covid-19 pandemic, is having a big impact on educational organisations worldwide. Whether educational organisations have fully shifted to online learning or are taking a blended learning approach, what’s clear is that eLearning is here to stay. 

Educational institutions are particularly challenging to protect due to the high volume of unmanaged and personal devices that connect to their networks. This makes it complex to protect personal student data, employee records, confidential data, research results and other Intellectual Property (IP).

According to Australia's Vector Consultingthe fact that universities and training institutions increasingly share sensitive data with industry partners and governments makes them even more of a target for potential attackers. Education institutions are having to deliver more services to more stakeholders and to deal with large and unstructured datasets. Furthermore, the rapid adoption of educational technology means that education providers have become exposed to a larger number of risks associated with cyber security. 

  • Vector Consulting found that over 75% of the respondents thought that the cyber security in their institution needed improvement, since a security breach can carry not only financial and regulatory damage, but also brand reputational damage resulting in loss of trust from staff, learners and potential students. 
  • When asked to prioritise the importance of diverse datasets, 80% of respondents to Vector Consulting’s survey identified student data as the most important to be protected, both because of its sensitive nature and because it is usually the biggest dataset that institutions guard. 
  • With so many students and staff learning from remote environments, poor data hygiene is one of the other top risks of educational institutions, as remote learners and staff send each other unencrypted documents which contain personal information via unencrypted emails or messaging applications. 

While  education providers follow data protection legislation, like the European Union’s GDPR or California’s CCPA, it is also essential for institutions to have complete control over their data. This includes being able to decide over how and where they store their data, whether it’s using their own resources for hosting and support or hiring external service providers. Such flexibility can certainly be achieved through open source platforms where, unlike most proprietary software, the choice of product is separate from the choice of hosting provider, although IT teams in charge of data security must  also enforce best practices by keeping data collection, retention and access to the minimum possible. 

For example, in the widely used education software Moodle LMS and Moodle Workplace, administrators can define different user roles and assign permissions or ‘capabilities’ to them in bulk, ensuring that only users who have ‘trusted’ roles (eg teacher, manager, administrator) have access to certain data – while other users like ‘students’ do not.

Key Cyber Security Threats To Educational Institutions

In addition to data privacy concerns, with learners and staff using personal devices to log in remotely, user compromise and ransomware are two of the other most common cyber security issues for higher education providers.  The way in which IT teams at educational institutions deal with these issues, such as phishing attacks or threats to release private data accessed by hackers, should include enabling multi-factor authentication in their Learning Management System (LMS), including encrypting data or performing regular backups

Developing a security mindset organisation-wide is the  key to mitigate cyber security risks in educational institutions. 

This goes beyond being technically prepared to respond to potential attacks and providing compliance training and certification for those in roles that have a direct responsibility in data protection: A culture of cyber security needs to train both technical and non-technical staff in best practices to protect their data. 

Some of the initiatives that educational institutions can implement to work on this organisation-wide security mindset are internal phishing awareness campaigns, training to avoid risky cyber behaviour and basic data protection training. 

If all of these are delivered through the institution’s own learning management system, this also helps users put these trainings in context and understand the privacy tools that their own platform offers.

Vector-Consulting:    The Conversation:     Moodle.com:       Collegis Education:   

SwivelSecure:    Inside Higher Education

You Might Also Read: 

British Universities Shut Down By Cyber Attacks:

« Security Trends For 2022 - The Need For Talent & Cloud Migration
Protecting Your E-Commerce Business Against Ransomware Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Naval Dome

Naval Dome

Naval Dome provides the first maritime multilayer cyber defense solution for mission critical onboard systems.

GovCERT Austria

GovCERT Austria

GovCERT Austria is the Austrian Government Computer Emergency Response Team. Its constituency consists of Austria's public administration.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

AEWIN Technologies

AEWIN Technologies

AEWIN is professional in the fields of Network Appliance, Cyber Security, Server, Edge Computing and an ODM/OEM expert.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.