Cyber security in education
Andy Samsonoff, CEO of Invinsec, talks cyber security
What springs to mind when you think of cyber security in education? It might be the responsibility to protect the data schools hold on pupils, staff and parents, including sensitive details such as medical, banking and pension information. Or perhaps it is the need to protect your school from data theft due to cyber security breaches involving any technology in use.
Across the entire education spectrum, technology is firmly rooted into how we teach. Using technology makes education a greater and more powerful tool, yet this opens the door to threat actors. The new General Data Protection Regulation (GDPR) means schools and colleges need to ensure data stored is secure, avoiding any Ofsted reports flagging up poor data management. With large fines and the risks to reputation, schools do not wish to incur losses.
The complex threat landscape in education
Cyber attacks are costly. One risk is known as shadow IT, where staff using a lot of cloud-based apps for lesson collaboration tools unwittingly make schools prone to cyber security problems. Threat actors attempt transfers of confidential materials through vulnerabilities, which can be as simple as leaving a laptop logged in or a password written on a notepad on the desk. One solution to prevent insider breaches is to apply user and entity behaviour analytics (UEBA). This alerts the institution to behaviours such as suspicious data transfers and where they originated.
Equally difficult to police are email breaches and phishing attempts from external sources. Bribed employees, disgruntled former staff, hacker students, or a careless, but well meaning volunteer could pass on data. In education, email addresses are easy to guess due to a reliance on categorising students by year group. External actors can also find useful data on social media profiles and in certain places on the school website to deploy social engineering attacks. Another risk to school data is the access third party providers and supply staff are given, making it paramount schools plan appropriate protection.
Outsourcing – a dedicated team to give 24x7x365 cover
Too often, schools leave their cyber security in the hands of an individual or in-house team, where the level of expertise with current cyber threats is limited. It is also impossible to monitor for unusual activity 24x7x365. For schools, a less expensive option is to outsource their cyber security. A provider can monitor systems, servers, networks and data covered by laws (such as the GDPR) and ensure good data management.
The best cyber security service will fuse people, processes and technology to create a highly effective Security Operations Centre (SOC) that protects schools 24×7, 365 days of the year. Fast and reliable, an expert team is vital to closely monitor your systems to identify and report threat activity instantly.
For more information visit www.invinsec.com