Education Should Focus On Cyber Security

Uploaded on 2021-12-20 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

The shift towards online learning, accelerated by the Covid-19 pandemic, is having a big impact on educational organisations worldwide. Whether educational organisations have fully shifted to online learning or are taking a blended learning approach, what’s clear is that eLearning is here to stay. 

Educational institutions are particularly challenging to protect due to the high volume of unmanaged and personal devices that connect to their networks. This makes it complex to protect personal student data, employee records, confidential data, research results and other Intellectual Property (IP).

According to Australia's Vector Consultingthe fact that universities and training institutions increasingly share sensitive data with industry partners and governments makes them even more of a target for potential attackers. Education institutions are having to deliver more services to more stakeholders and to deal with large and unstructured datasets. Furthermore, the rapid adoption of educational technology means that education providers have become exposed to a larger number of risks associated with cyber security. 

  • Vector Consulting found that over 75% of the respondents thought that the cyber security in their institution needed improvement, since a security breach can carry not only financial and regulatory damage, but also brand reputational damage resulting in loss of trust from staff, learners and potential students. 
  • When asked to prioritise the importance of diverse datasets, 80% of respondents to Vector Consulting’s survey identified student data as the most important to be protected, both because of its sensitive nature and because it is usually the biggest dataset that institutions guard. 
  • With so many students and staff learning from remote environments, poor data hygiene is one of the other top risks of educational institutions, as remote learners and staff send each other unencrypted documents which contain personal information via unencrypted emails or messaging applications. 

While  education providers follow data protection legislation, like the European Union’s GDPR or California’s CCPA, it is also essential for institutions to have complete control over their data. This includes being able to decide over how and where they store their data, whether it’s using their own resources for hosting and support or hiring external service providers. Such flexibility can certainly be achieved through open source platforms where, unlike most proprietary software, the choice of product is separate from the choice of hosting provider, although IT teams in charge of data security must  also enforce best practices by keeping data collection, retention and access to the minimum possible. 

For example, in the widely used education software Moodle LMS and Moodle Workplace, administrators can define different user roles and assign permissions or ‘capabilities’ to them in bulk, ensuring that only users who have ‘trusted’ roles (eg teacher, manager, administrator) have access to certain data – while other users like ‘students’ do not.

Key Cyber Security Threats To Educational Institutions

In addition to data privacy concerns, with learners and staff using personal devices to log in remotely, user compromise and ransomware are two of the other most common cyber security issues for higher education providers.  The way in which IT teams at educational institutions deal with these issues, such as phishing attacks or threats to release private data accessed by hackers, should include enabling multi-factor authentication in their Learning Management System (LMS), including encrypting data or performing regular backups

Developing a security mindset organisation-wide is the  key to mitigate cyber security risks in educational institutions. 

This goes beyond being technically prepared to respond to potential attacks and providing compliance training and certification for those in roles that have a direct responsibility in data protection: A culture of cyber security needs to train both technical and non-technical staff in best practices to protect their data. 

Some of the initiatives that educational institutions can implement to work on this organisation-wide security mindset are internal phishing awareness campaigns, training to avoid risky cyber behaviour and basic data protection training. 

If all of these are delivered through the institution’s own learning management system, this also helps users put these trainings in context and understand the privacy tools that their own platform offers.

Vector-Consulting:    The Conversation:     Moodle.com:       Collegis Education:   

SwivelSecure:    Inside Higher Education

You Might Also Read: 

British Universities Shut Down By Cyber Attacks:

« Security Trends For 2022 - The Need For Talent & Cloud Migration
Protecting Your E-Commerce Business Against Ransomware Attacks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

Italtel

Italtel

Italtel is a multinational ICT company that combines networks and communications services with the ability to innovate and develop solutions for digital transformation.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Insight Enterprises

Insight Enterprises

Insight is a leading solutions integrator, helping you navigate today’s ever-changing business environment with teams of technical experts and decades of industry experience.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

National Renewable Energy Laboratory (NREL) - USA

National Renewable Energy Laboratory (NREL) - USA

NREL is transforming energy through research, development, commercialization, and deployment of renewable energy and energy efficiency technologies.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.