Security Awareness Training for Schools and Educational Institutions
In our data-driven world, most organisations are at least partially dependent on a measure of electronic storage and networking. Perhaps out of experience, large organisations are generally aware of the need for effective cyber security frameworks including firewalls, access and awareness training, and anti-malware systems. Educational institutions, however, tend to be somewhat behind the curve, when it comes to tightly securing their data-verse. Recently, ethical hackers while testing the computer security of university networks discovered that they were able to successfully breach networks in less than 2 hours by using spear-phishing attacks to gain access to sensitive information. Well over 50 universities across the UK were a part of the test and in almost every case, testers were able to acquire domain-level administrator access used to control systems and gain complete unauthorised access to system information.
The education sector is becoming an increasing target for cyber-criminals and there are several examples to learn from. In 2016, the University of Calgary famously fell victim to a ransomware attack in which it was forced to pay out more than $15,000 to regain access to forcefully encrypted files. The following year, the University College of London (UCL) fell victim to another ransomware attack which took down its student management system. Earlier in 2019, an entire school district inConnecticut was locked out of its own data banks until a ransom was paid.
Every second spent on the internet increases your chance of becoming a victim of identity theft or a phishing email fraud. In the world of academia where digital learning and electronic documentation are now more or less the norm, this is especially important. From digital classes to online fee payments and cloud documentation, educational institutions have embedded at least one of these three factors which could possibly put them at risk of a cyber attack. Students who have to pay via online portals run a huge risk of falling victims to credit card fraud and identity theft if adequate measures are not taken to safeguard their data.
Logging on to attend online classes leaves students exposed to digital hacks and bugs, schools that run a free Wi-Fi system could very easily have their public hotspot hacked or cloned, giving hackers access to laptops and mobile devices of thousands of students and staff. Then there’s the fact that educational systems have a huge data collection of student history including personal data like birth certificates, home addresses, phone numbers, medical history and even bio-metrics. One hack into a school’s system could leave more than a thousand people exposed.
Cyber-criminals are well aware that a lot of educational institutions do not have the same cyber-security consciousness as major companies, making the sector a prime target for their criminal activities. A common tactic used by threat agents is spear-phishing attacks. Here, they target employees of an educational institution by spoofing an email to make it look as if it is coming from a senior member of staff and send it to people they’re known to work closely with. These messages will then send victims to websites that attempt to steal credentials or contain attachments which will drop malware.