In a survey, higher-ed leaders revealed that staff don't think of themselves as targets for data theft, underscoring cybersecurity needs.

Cybersecurity should be a concern on your campus–here’s why

In a recent survey, some two-thirds of respondents in the education sector revealed that staff don't think of themselves as targets for data theft exploits

Higher education institutions keep getting hacked, despite (or perhaps partly because of) the accumulated and ever-expanding wealth of knowledge and expertise within their walls. K-12 security breaches have multiplied – hitting new records over the past year. To successfully breach schools and institutions, hackers often take advantage of insiders, sometimes even targeting students directly on school issued computers. And this is not a new problem.

Some experts suspect schools, universities and colleges are being deliberately targeted – whether for monetary reasons or intellectual property theft. Either way, it’s clear that developing and fostering effective defenses mean taking a multi-layered approach.

Today, no effective cybersecurity policy can rely solely on centralized software applications such as antivirus and network firewalls; organizations must aim to close off all potential attack surfaces to minimize chances of a damaging data or information breach.

And, on or off campus, everyone needs to care about cyberattacks and information security, not least because wireless connectivity has become ubiquitous, spreading out from the campus and between staff and students wherever they work or study.

Education Institutions are Struggling on Cyber Threats

Despite the need for campus-wide involvement, according to a recent survey by Apricorn, education organizations are lagging behind other sectors and industries when it comes to IT security practices.

Some 67.19% of respondents–more than two thirds–from the education sector say employees at their institutions don’t think of themselves as targets that attackers can use to access data. That compares to just 37.5% of professionals working in the IT space, for example.

Also, only 26% of respondents in the education sector confirm they have policies for how to respond in the event of a device being lost or stolen, whether to mitigate risk or guarantee an intact cybersecurity posture.

Overall, the survey data points to a lack of cyber-resilience – the ability to prepare for, respond to and recover from a breach or security threat – which is both unnecessary and troubling.

Worse still, the 2021 survey highlights that IT professionals in general, the very people tasked with keeping education IT systems and services safe, may tend to put too much trust in other people who come in contact with their systems, from other staff members, to their own relatives, and other third parties.

Misplaced trust is risky. School systems and institutions must strengthen their cybersecurity posture, consider security policies, boundaries and processes related to how they handle data, and make policy adjustments inside organizations and within agreements with partners.

Every School Can Mend its Fences

The good news is that educational institutions can easily fix this situation. With a focus on strengthening their capabilities to protect and encrypt data, restoring data quickly after an incident, and establishing and remediating the cause or causes of attack they can demonstrate the necessary due diligence to stakeholders.

An important first step is to bring all your people together and build a new security culture – establishing a framework for communicating your needs, listening to theirs, and educating each other on ever-evolving gaps in requirement and practice as they emerge. Investigations have revealed that organizations can be weak at this.

Only then can you become a team, working together toward the same goal, instead of getting in each other’s way or simply ignoring the reality of ever-advancing cyber threat.

If you’ve done that, then it’s time to put the right policies and tools in place to protect your data and assets beyond the firewall. This means encryption of all data whether stored or in transit across the network, including deployment of endpoint hardware encryption.

Hardware encryption at the end point has become a critical strategy for protecting organizations of all kinds where people interact inside and outside a central network – whether studying at home, answering public or internal inquiries, or grading papers on or off-campus.

Many schools and institutions will also have people on the network using their own cell phones, tablets or laptops – so make sure the IT security team has implemented corporate usage policies and provided secure devices that mitigate the inherent risk. The right policies and devices not only secure your network and assets but give true freedom to your users, enabling them to benefit from institutional resources any time or place.

Of course, no approach is perfect. Breaches may still occur despite your team’s best efforts combined with the most advanced, centrally managed and monitored internet security applications.

Therefore every organization and team member should incorporate a solid policy that includes the practice of regularly backing up all essential and valuable information offline – completely disconnected from the central network – as part of a regularly revised and tested disaster recovery strategy. That way, if the worst does happen, any damage done can be minimized.

Preventing Breaches Regardless of Endpoint

Easy-to-use, portable hardware encrypted USB and hard drives are a useful add-on as part of maintaining this all-round security. Assigned to staff, these can enable any user to store data securely – and completely offline – as well as move it securely around and between locations as needed.

Looking at the number of incidents, anyone might justifiably feel like giving up. After all, cyberattacks on education institutions are rising and run the gamut from student and staff data breaches to outbreaks of ransomware, increasingly sophisticated phishing and social engineering, denial-of-service (DoS) attacks, new-style attacks like remote ‘Zoom-bombing’ class invasions, and more.

Luckily, the best response isn’t about trying to counter individual threats. Instead, teams should talk to each other and work together to establish a proactive, regularly revised and tested cybersecurity posture and policy that addresses all your endpoints and points of entry as well as activity on the network itself.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

eSchool Media Contributors