Education Should Focus On Cyber Security

The shift towards online learning, accelerated by the Covid-19 pandemic, is having a big impact on educational organisations worldwide. Whether educational organisations have fully shifted to online learning or are taking a blended learning approach, what’s clear is that eLearning is here to stay. 

Educational institutions are particularly challenging to protect due to the high volume of unmanaged and personal devices that connect to their networks. This makes it complex to protect personal student data, employee records, confidential data, research results and other Intellectual Property (IP).

According to Australia's Vector Consultingthe fact that universities and training institutions increasingly share sensitive data with industry partners and governments makes them even more of a target for potential attackers. Education institutions are having to deliver more services to more stakeholders and to deal with large and unstructured datasets. Furthermore, the rapid adoption of educational technology means that education providers have become exposed to a larger number of risks associated with cyber security. 

  • Vector Consulting found that over 75% of the respondents thought that the cyber security in their institution needed improvement, since a security breach can carry not only financial and regulatory damage, but also brand reputational damage resulting in loss of trust from staff, learners and potential students. 
  • When asked to prioritise the importance of diverse datasets, 80% of respondents to Vector Consulting’s survey identified student data as the most important to be protected, both because of its sensitive nature and because it is usually the biggest dataset that institutions guard. 
  • With so many students and staff learning from remote environments, poor data hygiene is one of the other top risks of educational institutions, as remote learners and staff send each other unencrypted documents which contain personal information via unencrypted emails or messaging applications. 

While  education providers follow data protection legislation, like the European Union’s GDPR or California’s CCPA, it is also essential for institutions to have complete control over their data. This includes being able to decide over how and where they store their data, whether it’s using their own resources for hosting and support or hiring external service providers. Such flexibility can certainly be achieved through open source platforms where, unlike most proprietary software, the choice of product is separate from the choice of hosting provider, although IT teams in charge of data security must  also enforce best practices by keeping data collection, retention and access to the minimum possible. 

For example, in the widely used education software Moodle LMS and Moodle Workplace, administrators can define different user roles and assign permissions or ‘capabilities’ to them in bulk, ensuring that only users who have ‘trusted’ roles (eg teacher, manager, administrator) have access to certain data – while other users like ‘students’ do not.

Key Cyber Security Threats To Educational Institutions

In addition to data privacy concerns, with learners and staff using personal devices to log in remotely, user compromise and ransomware are two of the other most common cyber security issues for higher education providers.  The way in which IT teams at educational institutions deal with these issues, such as phishing attacks or threats to release private data accessed by hackers, should include enabling multi-factor authentication in their Learning Management System (LMS), including encrypting data or performing regular backups

Developing a security mindset organisation-wide is the  key to mitigate cyber security risks in educational institutions. 

This goes beyond being technically prepared to respond to potential attacks and providing compliance training and certification for those in roles that have a direct responsibility in data protection: A culture of cyber security needs to train both technical and non-technical staff in best practices to protect their data. 

Some of the initiatives that educational institutions can implement to work on this organisation-wide security mindset are internal phishing awareness campaigns, training to avoid risky cyber behaviour and basic data protection training. 

If all of these are delivered through the institution’s own learning management system, this also helps users put these trainings in context and understand the privacy tools that their own platform offers.

Vector-Consulting:    The Conversation:     Moodle.com:       Collegis Education:   

SwivelSecure:    Inside Higher Education

You Might Also Read: 

British Universities Shut Down By Cyber Attacks:

« Security Trends For 2022 - The Need For Talent & Cloud Migration
Protecting Your E-Commerce Business Against Ransomware Attacks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Private Internet Access

Private Internet Access

Private Internet Access is a Virtual Private Network services provider offering secure encrypted access to the internet.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

Department of Justice - Office of Cybercrime (DOJ-OOC) - Philippines

Department of Justice - Office of Cybercrime (DOJ-OOC) - Philippines

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.

Continent 8 Technologies

Continent 8 Technologies

Continent 8 Technologies is the leading provider of managed hosting, connectivity, cloud and cybersecurity solutions to the global online gambling industry.