Education Should Focus On Cyber Security

The shift towards online learning, accelerated by the Covid-19 pandemic, is having a big impact on educational organisations worldwide. Whether educational organisations have fully shifted to online learning or are taking a blended learning approach, what’s clear is that eLearning is here to stay. 

Educational institutions are particularly challenging to protect due to the high volume of unmanaged and personal devices that connect to their networks. This makes it complex to protect personal student data, employee records, confidential data, research results and other Intellectual Property (IP).

According to Australia's Vector Consultingthe fact that universities and training institutions increasingly share sensitive data with industry partners and governments makes them even more of a target for potential attackers. Education institutions are having to deliver more services to more stakeholders and to deal with large and unstructured datasets. Furthermore, the rapid adoption of educational technology means that education providers have become exposed to a larger number of risks associated with cyber security. 

  • Vector Consulting found that over 75% of the respondents thought that the cyber security in their institution needed improvement, since a security breach can carry not only financial and regulatory damage, but also brand reputational damage resulting in loss of trust from staff, learners and potential students. 
  • When asked to prioritise the importance of diverse datasets, 80% of respondents to Vector Consulting’s survey identified student data as the most important to be protected, both because of its sensitive nature and because it is usually the biggest dataset that institutions guard. 
  • With so many students and staff learning from remote environments, poor data hygiene is one of the other top risks of educational institutions, as remote learners and staff send each other unencrypted documents which contain personal information via unencrypted emails or messaging applications. 

While  education providers follow data protection legislation, like the European Union’s GDPR or California’s CCPA, it is also essential for institutions to have complete control over their data. This includes being able to decide over how and where they store their data, whether it’s using their own resources for hosting and support or hiring external service providers. Such flexibility can certainly be achieved through open source platforms where, unlike most proprietary software, the choice of product is separate from the choice of hosting provider, although IT teams in charge of data security must  also enforce best practices by keeping data collection, retention and access to the minimum possible. 

For example, in the widely used education software Moodle LMS and Moodle Workplace, administrators can define different user roles and assign permissions or ‘capabilities’ to them in bulk, ensuring that only users who have ‘trusted’ roles (eg teacher, manager, administrator) have access to certain data – while other users like ‘students’ do not.

Key Cyber Security Threats To Educational Institutions

In addition to data privacy concerns, with learners and staff using personal devices to log in remotely, user compromise and ransomware are two of the other most common cyber security issues for higher education providers.  The way in which IT teams at educational institutions deal with these issues, such as phishing attacks or threats to release private data accessed by hackers, should include enabling multi-factor authentication in their Learning Management System (LMS), including encrypting data or performing regular backups

Developing a security mindset organisation-wide is the  key to mitigate cyber security risks in educational institutions. 

This goes beyond being technically prepared to respond to potential attacks and providing compliance training and certification for those in roles that have a direct responsibility in data protection: A culture of cyber security needs to train both technical and non-technical staff in best practices to protect their data. 

Some of the initiatives that educational institutions can implement to work on this organisation-wide security mindset are internal phishing awareness campaigns, training to avoid risky cyber behaviour and basic data protection training. 

If all of these are delivered through the institution’s own learning management system, this also helps users put these trainings in context and understand the privacy tools that their own platform offers.

Vector-Consulting:    The Conversation:     Moodle.com:       Collegis Education:   

SwivelSecure:    Inside Higher Education

You Might Also Read: 

British Universities Shut Down By Cyber Attacks:

« Security Trends For 2022 - The Need For Talent & Cloud Migration
Protecting Your E-Commerce Business Against Ransomware Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NextPlane

NextPlane

NextPlane provide secure real-time B2B unified communication and collaboration solutions within and across business systems.

Seclore

Seclore

Seclore is the most advanced, secure, and automated Enterprise Digital Rights Management (EDRM) solution available.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

ID Experts

ID Experts

ID Experts is a leading provider of identity protection and data breach services for companies and individuals throughout the USA.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

AppGuard

AppGuard

AppGuard prevents breaches by blocking applications from performing inappropriate processes using our patented dynamic isolation and inheritance technologies.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Torq

Torq

Torq's no-code automation modernizes how security & operations teams work with easy workflow building, limitless integrations and numerous pre-built templates.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.