BETT PREVIEW
8 Cybersecurity Practices for the Education Sector
For the education sector, data security ranges from the need to protect devices to safeguarding the sensitive information and privacy of its users, including students, their parents, and the institution’s staff.
Taking into account the current context in which educational institutions operate, which involves combining remote learning and in-person teaching, as well as the use of personal devices, we analyse the most common cybersecurity threats affecting the sector:
• Phishing: this is a deceptive practice where the attacker seeks to obtain sensitive data from the victim, such as usernames, passwords, credit card details, etc. There are many ways to carry out this scam, but the main entry vector is the use of emails or text messages that appear to come from trusted sources and contain malware attachments or links to fraudulent websites.
• DDoS: distributed denial of service attacks occur when a website is flooded by an avalanche of traffic in a short period of time, causing it to crash. In most cases these attacks come from external actors; however, there has been an increase in DDoS attacks from students who are purchasing them as an online service in order to skip a class or exam.
• BYOD (bring your own device): personal devices are much more prone to malware, as they access websites that do not necessarily offer the right level of security. Moreover, IT staff at educational institutions have no visibility or assurance that malware has not been downloaded onto these devices.
• Doxing and cyberbullying: in this form of online harassment an individual’s private information is disseminated without their consent, allowing them to be identified and exposing their personal life and compromising their safety, with the intention of defaming them or causing harm of some kind.
• Domain spoofing: a type of phishing attack in which hackers register web domains using names similar to those of legitimate websites in order to appear trustworthy and thus deceive users through a scam.
• End-of-life software: this is the use of outdated software or computing devices that no longer receive the necessary patches, updates and maintenance, making them more susceptible to vulnerabilities.
Ransomware, a growing risk
Ransomware is the main cyberthreat in the education sector. In recent years these attacks have increased significantly and, according to data from Statista*, educational institutions received 14.34% of ransomware attacks in 2021 globally.
How can the education sector protect itself?
1) Prioritise training of key players: educating teachers, administrators and students about social engineering attacks, as well as introducing security concepts through training programs can help create safe practices when accessing computers, systems and login credentials.
2) Filter content: implementing content filtering through hardware appliances or software-as-a-service (SaaS) can help block websites, emails or files that cause vulnerabilities and incidents, as well as supporting regulatory compliance.
3) Monitor access: use visibility tools that track and expose threats and identify the behaviour of users who contribute to a compromised network.
4) Protect access with MFA: passwords can be easily compromised, so educational institutions should establish multi-factor authentication (MFA) in conjunction with any BYOD program.
5) Use a secure Wi-Fi network: cloud-managed Wi-Fi solutions enable optimised performance, visibility, and reporting.
6) Enable secure video conferencing: secure video conferencing requires controlling access, securing connectivity, protecting files and screen sharing, and using up-to-date versions of video applications.
7) Conduct a security assessment: review which threats weigh on assets, identify vulnerabilities (how damage can occur) and the consequences they may entail.
8) Segment the network: in unsegmented networks, all computers can communicate with each other, increasing the chances of network congestion. Segmentation divides the school network into smaller networks, or “clusters”, which will help them operate more quickly and efficiently.

Comprehensive protection
The new hybrid learning dynamics require comprehensive protection of the digital educational environment. To achieve this, IT managers need to achieve unified security that allows them to address all the institution’s cybersecurity needs and simplifies their job. A unified solution provides multi-factor authentication and network security that are essential for users and devices. Moreover, it can cut down network administration time by automating processes that eliminate threats and do more with less. It also provides clarity and control, with centralised security offering visibility that is difficult to achieve by maintaining isolated solutions.

For further information, please visit: www.watchguard.com

* https://www.statista.com/chart/26148/number-of-publicized-ransomware-attacks-worldwide-by-sector/

February 2023
www.education-today.co.uk