Have you considered the importance of cyber-security in your school?
With the rise of remote online learning, your school could be at risk of an attack. Understanding your school’s cybersecurity risk and how you can keep your network secure, should be your number one priority.
The majority of businesses keep important data online. Your school is no different to any private corporation.
With increased use of technology for online learning, teaching, and simply just operating the daily functions of a school, you are highly vulnerable to cyberattacks. School’s are full of data rich information; student and employee records and financial information, that may be poorly secured making it easier for cyber criminals to attack.
Microsoft Security Intelligence reports 60% of the 8 million malware encounters in one month came from the education sector, making this sector the most affected by cyber crime. Cyber criminals target schools as they’re traditionally known to have basic cyber security; with small IT teams and limited resources and funds. Interestingly, many schools believe they don’t have anything worth stealing so aren’t a target.
How have these threats increased?
Just imagine the immediate change to our lives last year during Covid. Without notice, we needed to stay home and school became an online, remote learning environment. Students were expected to use personal computers and free video conferencing. This situation created a dangerous environment for ransomware attacks as the attack surface of your school network increased. If your students are using personal equipment, there’s no monitoring or control. Using systems outside of your network that are not designed for remote use means there isn’t a set patching schedule for security updates.
Top cyber security threats schools face
Of the threats that rate highly, phishing is the most common. This is an attack where scammers trick users into giving them personal or highly confidential information, like passwords and account information, that are used to access networks. Users can easily be fooled as almost all phishers are impersonating someone in authority. Over 90% of cyber attacks start with phishing.
Another common threat is Ransomware attacks. These involve a criminal encrypting your data files and systems via malicious software and insisting your school pays a ransom to regain access to their systems. These types of attacks start with phishing emails and show how important it is to have your remote network secure and access to automatic patching to receive important network updates.
What action can you take?
Securing your network may sound daunting, but there are a few easy and effective steps you can put in place to educate your users; being staff, students and parents to keep your network safe.
As a school you can:
- Create strong passwords; using 8 characters or more with combinations of upper and lowercase letters, numbers and symbols
- Use Multi Factor Authentication; granting the user permission via 2 or more verified mechanisms to gain access to an account. Such mechanism could be a password used in combination with a pin or answer to a question.
- Train staff and students on good cybersecurity practices and educate them on the dangers of an unsecured network i.e. using their personal computers at home for online learning and keeping data and passwords private.
- Discourage password sharing. Assign a user password to each individual user (and the use of different passwords for different parts of their lives)
- Restrict admin rights to the network. Only allow a small handful of users access rights, which can minimise data breaches. Entrust access rights to key individuals in each department i.e.: Head of IT security etc.
- Use licensed software; using anti-malware software along with employee education can help prevent attacks.
- Network Segmentation – Segmenting your network should be a key focus, so that less secure networks have little or no access to Corporate zones.
Implementing these simple strategies can go a long way in keeping your network safe and should be messaged consistently throughout the school year. However, constantly looking and searching for security vulnerabilities and threats can be overwhelming and the simple steps you have in place may not be enough to eliminate threats. A good option is to work with a Cyber Security Solutions provider, like Secure ISS.
Secure ISS offers tailored Cyber Security consulting services, providing a range of security solutions such as Vulnerability Assessments. This assessment involves our team testing your network environment to see where vulnerabilities may lie. After an initial assessment, our team will provide an audit report with recommendations on where to prioritise solution and process investment to address any gaps found.
The threat of security attacks is real, don’t forget about the need for security in your school network until you have been attacked. Consistently educating your users and implementing a cyber security strategy is your best bet to protecting your network and making sure a cyber-attack never becomes a reality.