According to Microsoft’s Global Threat Activity Tracker, more than 4.7 million malicious software (or “malware”) incidents were detected in the education industry worldwide in June 2020 – which accounted for more than 60 percent of all the corporate and institutional malware incidents reported during the month, the most affected industry by far. More than 20 universities and charities across the United States, United Kingdom, and Canada reported that they were compromised by a cyberattack. The increasing threat of attacks to educational institutions has prompted the FBI to issue their own security alert about the uptick in vulnerabilities. Even before COVID-19, cybersecurity in education was a serious issue, but the pandemic and its impact on the virtual classroom have demonstrated just how critical it is for educational institutions to protect their networks. But how?
Start from Square One: “Building a Culture of Data Protection”
Educational systems in the United States and abroad have long faced significant cybersecurity deficiencies, often because a lack of dedicated funding allows for certain vulnerabilities to go unnoticed until the damage has been done. Before purchasing and implementing any systems, educational institutions must have detailed policies and procedures that clearly establish their cybersecurity processes, the first step in building a culture of data protection within the education domain.
“Building a cybersecurity program is a significant undertaking, and it needs to be from the ground up,” says education consultant Linnette Attai. Embedding cybersecurity into your institution’s framework is imperative in solidifying the strength of whichever technologies you install to protect your sensitive data. Even in the case of a potential breach, educational institutions would be best served to have an incident response procedure at the ready.
Step Two: Installing the Proper Systems
In the age of virtual learning, students, teachers, and administrators alike are reliant on video chat software, lesson portals, message boards, and other forms of online communication. However, minus the proper authentication and controls, any and all of these are susceptible to hackers.
While a number of particularly dramatic cyberattacks last fall spurred momentum toward making cybersecurity a priority in schools across the United States, COVID-19 shifted priorities to ensuring the efficiency of remote learning: “It went into that mode where … get everyone working and learning remotely, distribute devices to students, connect to local printers, deal with forgotten passwords, whatever,” according to Doug Levin, founder of the consulting firm EdTech Strategies. However, this perspective neglects to recognize that the safety of sensitive data is as essential to one’s learning and teaching efficiency as distributing laptops and dealing with forgotten passwords. Our last blog entry details modes of authentication that could be of use to these educational institutions, with a variety of other programs existing that can better bolster these schools’ digital defenses.
Step Three: Continued Cybersecurity Hygiene
Cybersecurity is not static. Even the best written policies and procedures should be constantly monitored and amended to account for shifting digital trends, particularly given the current fluidity inherent to virtual and distance learning.
“The key learning piece is that you can’t treat cybersecurity as a one-and-done. It’s not a checklist that you go through, because the next day, the entire environment has changed,” per Amy McLaughlin, cybersecurity project director for the Consortium for School Networking (CoSN). Even after “building the culture” and installing the appropriate systems for your institution, users must be continuously educated on best practices, such as creating strong passwords and identifying potential phishing attacks.
Online education has become our new normal, and educational institutions owe it to their students to provide the highest-quality protections. But identifying those protections will not be a quick fix, nor should it be. Institutions must be intentional in developing their cybersecurity policies and procedures, identifying and installing the proper systems, and continuing to educate users on cybersecurity hygiene. While there is likely nothing we can do to altogether stop scammers and cyberattacks, these three steps are the very least these institutions can take in curbing their effectiveness.
Talk with us. Wilson Consulting Group is a cybersecurity firm that aims to provide companies the solutions to keep their systems secure. Our Application Security Assessment Service assists organizations to identify, evaluate and respond to your applications’ risks.