September 24, 2021

The future success of education technology lies in robust IT risk management

The COVID-19 pandemic has accelerated the shift to remote, home-based learning. As restrictions ease around the world and in-person classes resume, educational facilities returning to the new normal need to update cyber and physical security defences to protect learners in a new, digital-forward environment.

Schools have been a top target for cyber criminals since remote learning started to take off. According to a report, 2020 marked a record-breaking year for cyberattacks against public schools in the US [1], with similar incidents happening in the UK [2]. In 2021, schools and governments have started to respond – pledging millions to upgrade campus security at educational institutions [3].

Seamless and hybrid learning is here to stay. As schools continue to embrace devices and technologies to teach, the time is now for school administrations and IT departments to shore up their capabilities in cybersecurity and data privacy to ensure the best learning environment for students and teachers.

An ideal target

Schools have always been a goldmine of valuable personal information. Students’ identification numbers, health information, as well as parents’ payment details are all ripe for exploitation. In the age of hybrid learning, students and teachers also interact with multiple devices in a day, transferring them between home and school – further opening school systems up to attack through unsecured laptops, tablets and networks.

Cyber attackers are also evolving, using increasingly sophisticated attacks such as phishing, DDoS attacks, social engineering and other methods that we haven’t dreamed of yet. These are more than capable of getting past antivirus software and firewall protections that are currently deployed at most schools. Compared to private enterprises, many education systems simply lag behind in cybersecurity and data-privacy skills, technologies and protocols needed to defend against the cyber threats of today.

The numbers speak for themselves. Microsoft’s global threat activity tracker [4] reports that the education industry far outstrips other sectors in the reported number of enterprise malware encounters in the last 30 days. The Apricorn 2021 Global IT Security Survey [5] corroborates this, finding the education sector to be the most at risk for cybersecurity breaches and data loss.

Worryingly, 69.4% of Apricorn survey respondents from the education sector don’t think of themselves as targets that attackers can use to access data, compared to 37.5% in information technology. But clearly, it’s high time that schools re-evaluate their cybersecurity and data privacy practices to secure the future of hybrid learning and education.

Multiple layers of safety and security

A robust IT risk-management implementation must take a zero-trust approach to security, which requires verifying anything and everything trying to connect to its systems. This encompasses both the hardware and software components of education systems, such as the devices that students and teachers use every day, the system that these devices connect to, the ways that identity is authorized and controlled on school applications, and the tools used to monitor the whole IT ecosystem.

Hardware protection is low-hanging fruit that schools can tackle first. Schools should start with hardware root of trust as the foundation for all secure operations, such as a certified Platform Firmware Resilience (PFR) server that comprehensively prevents all attacks on firmware. Next, secure digital devices. While devices allow students and teachers the mobility to work anywhere, it is inevitable that laptops and tablets could be left in unsupervised locations and exposed to grab-and-run thefts. Devices that come with Kensington security slots and padlocks will be useful to prevent such attempts, and chassis-intrusion alerts can notify users almost immediately of any tampering.

At the next level, schools must protect passwords and encryption keys to deter hackers from accessing sensitive data. Processors with built-in multi-factor authentication and data-encryption solutions mitigate security risks and automatically protect young students’ files. Devices with built-in Trusted Platform Module (TPM) chips also ensure that keys, digital certificates, passwords and data are securely stored. Biometrics such as fingerprint and face authentication as well as physical defences, like webcam shields, are also the norm now – so students and teachers will expect a similar level of security integrated into issued devices. Even so, disguised cyber threats can sneak in over network-attached devices to steal private data or transmit inappropriate content. In that case, a commercial-grade intrusion-prevention system that is able to perform in-depth scans of all inbound and outbound internet data and block such attacks will be critical.

In the event that a network user is compromised, or a hacking attempt is made through an external USB device, school administrations and IT departments must be able to find and prevent such actions rapidly. A centralized IT-management system is part of the solution, with advanced artificial intelligence (AI) options available on the market to quickly disable unauthorised access to confidential data and reduce virus infection.

A shared attitude toward data safety

Hardware and software protection must work together in a multi-layered defence system to fully protect the digital educational environment. Powerful and reliable anti-virus software that can proactively ward off viruses, malware and other unwanted programs, secure internet browsing and safely store files and passwords across devices is the gold standard. At the same time, cyber hygiene is crucial – requiring IT teams to be on the ball about updating applications and patching security holes.

Today, every student and faculty member is using multiple devices to access school systems for work and learning. With so many entry points for cyber threats, updating data-protection and cybersecurity skills in the education sector is particularly important. Schools must pay special attention to student and employee awareness – when a data breach can start from anywhere, everyone is responsible for the safety of school systems. Only with a shared attitude toward data safety and a robust IT risk-management framework can the education industry soar to new heights with the possibilities of hybrid learning.

  1. K12 SIX, The State Of K-12 Cybersecurity: 2020 Year in Review, https://k12cybersecure.com/wp-content/uploads/2021/03/StateofK12Cybersecurity-2020.pdf
  2. ZDNet, Cyberattack shuts down online learning at 15 UK schools, https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/
  3. Security Magazine, ARP funding to boost school safety, technology upgrades across the U.S., https://www.securitymagazine.com/articles/95252-arp-funding-to-boost-school-safety-technology-upgrades-across-the-us
  4. Microsoft, Cyberthreats, viruses, and malware, https://www.microsoft.com/en-us/wdsi/threats
  5. PR Newswire, Education Industry at Higher Risk for IT Security Issues Due to Lack of Remote and Hybrid Work Policies, https://www.prnewswire.com/news-releases/education-industry-at-higher-risk-for-it-security-issues-due-to-lack-of-remote-and-hybrid-work-policies-301339460.html