Photo by Philipp Katzenberger on Unsplash
As the Fall semester winds down, schools need to apply lessons from this year to the next. 2020 has been an unusual year for education but, for all its difficulties, it can serve as a jumping-off point for schools. Perhaps more than anything, this year has emphasized the importance of thorough cybersecurity.
As schools started back between July and August, weekly cyberattacks in education jumped 30%, compared to just 6.5% across all sectors. Educational facilities have always been prime targets for cybercriminals, thanks to traditionally low security and valuable data. As COVID-19 forced schools to accelerate digital transformation, they’re more vulnerable than ever.
These issues won’t go away in 2021, nor will they disappear whenever the pandemic does. Teachers and IT staff should secure prominent cybersecurity gaps to keep students and faculty safe in 2021. Here are some of the most glaring shortcomings this past year has exposed.
Lack of Threat Awareness
By far, the most significant weakness in educational cybersecurity is a lack of awareness. Many teachers and other staff members aren’t trained in how to spot security risks like phishing attempts. As a result, cybercriminals can take advantage of human error to infiltrate a system.
At least 16 different school systems fell victim to ransomware attacks between July and September alone. More often than not, these attacks start with phishing emails, calls or messages. When staff can’t spot a suspicious message, they could click a malicious link and give hackers access to their system.
Thankfully, the answer to this problem is relatively straightforward. Schools need to ensure that they provide thorough and regular cybersecurity training to all staff members. Faculty should know what cyber-threats look like, their urgency and how to respond appropriately.
Since kids tend to learn tech habits through example, good cyber hygiene in teachers can positively influence students. Teachers, especially those with remote students, should take time to explain basic cybersecurity practices to kids and demonstrate them.
Poor Access Management
The shift to remote learning may be the most significant change the education system experienced this year. It was also one of the leading causes of security breaches, mainly due to inadequate access controls. Since experts predict this trend to continue after COVID-19 subsides, securing these systems is crucial.
With students and teachers using personal devices to access school files, endpoint security becomes a more pressing concern. Schools can address this by enacting stricter access controls, like multi-factor authentication. Segmenting the network so only specific users can get into particular parts of the system will also help mitigate any damage.
Requiring users to use VPNs when accessing school systems is another recommended security practice. Since online students may be using unsecured networks, VPNs can provide a needed layer of encryption. Schools may not be able to require students to use these tools, but they may be able to provide them.
Reliance on Legacy Systems
Outdated systems quickly become vulnerabilities in the fast-changing world of cybersecurity. Unfortunately, many schools rely on old technology and often don’t have the funding to upgrade. While schools may not be able to do much about their devices, they still have some options.
By adopting cloud services, schools can take advantage of the most recent security tools without upgrading devices. Cloud computing avoids vulnerabilities from direct network connections and outdated in-house security. The need for flexibility amid the pandemic has also emphasized the benefits of the cloud, leading more schools to embrace it.
None of this is to say that cloud computing doesn’t come without its risks. Migrating to the cloud can be challenging for IT staff, and systems could become vulnerable during the transition. Schools that shift to the cloud will have to do so slowly and carefully to avoid extra security gaps.
Schools Should Take Cybersecurity Seriously
In the past, cybersecurity may not have been as substantial a threat to educational facilities. Now that schools are more tech-centric and cybercrime is rising, that’s not the case anymore. Education, from elementary schools to universities, needs to adopt better cybersecurity practices.
2020 has been a tough year for schools’ cybersecurity, with frequent breaches and mistakes. Educational professionals can take these shortcomings as a chance to improve for the next year, though. Addressing these security gaps is the first step to providing secure networks for teachers and students.
Discover more resources with RobotLAB!
Shannon Flynn
Managing Editor - shannon@rehack.com