How to protect your school from cyber attack

by Jon McGettigan01 Nov 2017
Today’s schools are technology-rich environments. They have long used internal systems to store personal data records of students and faculty but, today, that technology infrastructure must be optimised to accommodate the shift to a new digital education model.

According to the Australian Bureau of Statistics 79% of children aged 5-14 years use the internet, mostly for education, and just over 86% of those access it from school. 

With 81% of Australian students using desktops laptops, or tablets at least once per week (significantly higher than the global average of 54%), schools’ IT departments have the challenge of building an infrastructure that can support a variety of devices from multiple manufacturers, prioritise requests, and follow compliance standards.

In addition to smooth day-to-day operations, schools must also ensure their network and connected devices have a strong cybersecurity component. Below are some examples:

Internal segmentation to limit threat

In addition to having strong network perimeter defences, schools should implement internal segmentation, so that should a device become infected the rest of the network will not be compromised. Beyond network security, the increasing number of devices can also put strain on a school’s bandwidth. This means schools should consider investing in quality of service tools, such as caching, which can filter and prioritize requests to ensure and maintain higher network speeds, and a better user experience.

Increasingly sophisticated cyber threats

While students and faculty are increasing the number of devices and applications that have access to their school’s network, cybercriminals are searching for vulnerabilities they can exploit, be it an insecure application or endpoint, or an uninformed user. Cyber threats are constantly becoming more sophisticated. Motivated by a desire to exfiltrate sensitive data to be sold on the dark web, schools are high impact targets for cybercriminals because they house personally identifiable information, health records, and financial information.

Ransomware, the most recent wave of cybercrime, has also hit the education sector hard. A recent survey  highlighted that education witnessed one of the largest increases in data breaches in the first half of 2017, up by 103% over the previous half (H2 2016) with an increase over more than 4,000% in the number of records lost, stolen or compromised. These attacks can cripple a network, and are often spread through phishing attacks proliferated through email. With this is mind, schools need to consider the security posture of their email servers, and ensure their firewalls are updated to detect and reject known versions of ransomware.

Expanding threat surface

In 2015 Digital Technologies  was added as a subject in the Australian Curriculum for Foundation to Year 10, to teach students skills in computational thinking and information systems. The Australian Government also announced $51m for school programs  to better equip students and teachers with skills in digital technologies as part of its National Innovation & Science Agenda.

Digitised curriculums mean increased application use in the classroom, while students are using their devices to access social applications and more, all while connected to the network. Since web application attacks are one of the most common sources of data breaches, unpatched vulnerabilities or insecure code in web apps put schools at high risk. The success rate of these attacks has moved application security, such as web application firewalls, to high priority among IT teams.

Additionally, for many industries, robust cybersecurity is considered a best practice that helps avoid the financial, reputation, and productivity damages that can result from a cyberattack. However, for industries like education, healthcare, and finance, cybersecurity is also legally mandated.


Related stories:
Is your school protected against cyberthreats?
Cyberbullying a major concern as school year begins
 

COMMENTS