Why Education is a top target for hackers and how schools can ensure they are protected
Schools are not immune to cyber-attacks. A study by Check Point Research (CPR) found that Education and Research is the most targeted industry, with an average of 2,297 attacks against organisations every week. The Education/Research sector has also seen a 114% increase in monthly cyberattacks across the last two years, with Australia and New Zealand the most heavily attacked regions.
These statistics remind schools that cyber threats are a very real issue and that it is important to do what you can to prevent successful attacks. Successful cyber-attacks may result in schools being locked out of their systems and devices or having confidential data lost, stolen, or sold. This repercussion is obviously disruptive for day-to-day school operations and student learning, but also disruptive of school budgets and their image. These after-effects can last for some time as schools recover.
Why do hackers go after schools?
There are lots of different motives for cyber-attacks in the education sector, such as:
Disruption
With the main aim being to cause widespread disruption to your school’s network and negatively impact school productivity, these kinds of attacks are usually Distributed Denial of Service (DDoS) attacks. They’re relatively easy to undertake and can come from outside actors or students as a way to get out of classes and tests.
Data theft
Schools hold a plethora of private information such as personal details about staff, students and their families, financial information, and passwords that might be reused elsewhere. Now with more and more schools entrusting their information to the cloud, this information is all stored online. Cyber Attackers can steal this information and sell the data to a third-party company or use it as a bargaining tool to extort money.
Financial gain
Some schools handle large sums of student fees, which could be a reason for hackers to target schools.
Espionage
This is where attackers aim to find valuable information held by your school in a targeted attack. For example, if you’re working on a specific research project, and it’s deemed as being valuable intellectual property.
What can your school do to prevent these attacks (checklist)
- Check that your school website is not disclosing any personally identifiable information that could be used by scammers.
- Payroll, accounts, and leadership staff should also review what personal information they are disclosing publicly on social media and adjust their privacy settings if required.
- Make sure staff and students are educated about phishing email scams. Conduct awareness training.
- Rigorous password policies with non-dictionary words using a mix of lowercase and uppercase letters, numbers and symbols
Discuss with your ICT provider or person the following:
- Ensure any devices and software are up to date
- Antivirus and anti-malware software is installed on all devices
- Make sure your connection is secure when accessing your school’s network remotely or on personal devices.
- Make sure Multi-factor authentication is set up, especially for remote access to the school network
- Undergo a Network Security Audit to see how you can improve your cyber defence. New Era Technology has developed a specific Network Security Assessment Exercise for schools that include an audit, report, and recommendations for improvement in your school’s network security. Contact us to learn more.
Understanding your school’s threats
Our Network Security Assessment Exercise (NSAE) is a short, targeted program of work to help your school’s leadership and board to quickly and easily improve your network security and user behaviours.
NSAE examines key technical security aspects of the school’s network, as well as revising and tests staff competency on cybersecurity foundations and practices.
Once the assessment is complete, you’ll be provided with a clear and concise series of reports that:
- Pinpoint security improvements needed
- Outline a clear set of actions your school can take
- Recommendations for content filters and plans for updating (because let’s be honest, tech-savvy students can be motivated to find ways around filters)
- Provide clear, easy to understand information for staff to understand the importance of key security implementations.
Put simply, it’s all about providing a clear set of instructions to protect the devices staff and students use, the services they need to access, and the vast amounts of personal information that schools collect and manage.
Contact us to undergo your NSAE