Cybersecurity in education: Protecting schools from data breaches and ransomware
As organisations across the globe contend with an increasing number of cyberattacks, schools and higher learning institutions are looking for innovative and cost-effective ways to protect their students, staff, and data from breaches and ransomware. “Unfortunately, cybercriminals don’t consider the ramifications of cyberattacks on schools. However, increasing cybersecurity awareness and allocating resources effectively can help the education sector become less attractive targets for cybercrime,” notes Steve Flynn, Sales and Marketing Director at ESET Southern Africa.
From the University of Mpumalanga experiencing an attack on its bank accounts to the University of Johannesburg accidentally leaking a student’s personal information to their email database, and Harvard University having to dismiss all hybrid classes after a ransomware attack compromised its network, breaches and cyberattacks can affect schools and universities irrespective of size or prestige.
A challenging sector to secure
According to Flynn this highlights the need for improved cybersecurity measures in the education sector to protect sensitive data and ensure the safety of students and staff, as well as the integrity of the institution’s digital assets and reputation. However, this is not easily achieved. The education sector faces numerous cybersecurity challenges, including:
Limited budgets: Limited budgets and resources make it difficult to implement robust cybersecurity measures.
Diverse IT infrastructure: Including legacy systems and a wide variety of devices used by students, faculty, and staff, which makes it challenging to secure the network.
Human error: The education sector relies on human interaction which makes it particularly vulnerable to social engineering attacks, such as phishing scams and other forms of cyber manipulation.
Student privacy: Handling a significant amount of student data, including personally identifiable information and academic records makes educational institutions a prime target for cybercriminals seeking to steal this information.
Lack of cybersecurity awareness: Students, faculty, and staff may not be aware of the cybersecurity risks and how to protect against them, making them more susceptible to cyber threats.
The real costs of cybersecurity
While the cost of cybersecurity measures might seem prohibitive to schools and universities operating on tight, often non-existent budgets, it is important to point out that the cost of doing nothing is always regrettably higher. Nicolaas Liebenberg, Operations Manager at Sisonke Solutions – an ESET partner in the education sector, says “Cyberattacks in the education sector can be costly both in financial and reputational terms. The exact cost can vary depending on the type of attack, the severity of the breach, and the size of the institution affected. Some of the potential repercussions include financial costs for the educational institution, including the cost of investigating the attack, restoring systems and data, and potential legal fees. For example, the University of California, San Francisco paid a ransom of US$1.14 million to cybercriminals in 2020 to recover encrypted data.”
Prioritising cybersecurity
Given the potential costs of cyberattacks on the education sector, it is critical for educational institutions to prioritise cybersecurity measures to protect sensitive data and ensure the continuity of operations. Educational institutions can take various measures to enhance cybersecurity, which include encouraging regular password updates and implementing strong password policies that promote complex and unique passwords. Schools and governments can educate staff and students about cybersecurity best practices, implement multi-factor authentication for accessing sensitive data and systems, and regularly update their software and security systems to protect against known vulnerabilities and exploits.
They can also back up their data regularly to prevent data loss in case of a cyberattack or other data loss event. Furthermore, organisations can enhance their security measures by implementing access controls to restrict access to confidential information and critical system only to authorised personnel. “While such steps are essential in protecting schools and universities, using a reputable cybersecurity provider is possibly the most effective step that can be taken to prevent cyberattacks along with standardisation of IT policies, and engaging with cybersecurity awareness training for staff and students,” says Liebenberg.
Cybersecurity is an unavoidable necessity
“Although cybersecurity is often a grudge purchase for organisations, it should be viewed as a necessary investment, and money well spent. With this sector’s growing vulnerability in mind, ESET offers a generous discount to educational institutions, as well as free training guides* for educators and learners on how to be safer online,” explains Flynn. There are several products that have proven instrumental in meeting the cybersecurity needs of the education sector, including:
Endpoint Security: Secure endpoints, such as laptops and mobile devices, from malware, phishing, and other online threats.
Secure Authentication: Provides two-step authentication for remote access to networks and applications to secure against unauthorised access and social engineering attacks like phishing.
Dynamic Threat Defense: ESET’s cloud-based solution provides proactive protection against zero-day threats and advanced malware.
“Cybersecurity has become a critical concern for educational institutions in this digital age. With the increasing amount of sensitive data stored and processed by institutions, it’s important to take steps to protect students and institutions so that learning can continue without disruption. Ultimately, investing in cybersecurity measures can help educational institutions protect their digital assets and safeguard the privacy of their students and staff,” says Flynn.