Securing Education: Addressing the Rising Risk of Cyber Attacks in Schools and Universities

Responses by Apu Pavithran,founder and CEO of Hexnode

What is the importance of cybersecurity in the educational sector?

EdTech is now a crucial part of almost all levels of education, from schools to universities. Today, kindergarten students attend their classes through Zoom. Many schools now commonly use Google Classrooms and higher education is gradually being automated with the help of platforms such as Udemy and Coursera. This shift towards using digital tools has made the educational industry home to a large mine of sensitive data, including financial information, research data, and the personal information of students, their parents and all school staff. And, all this data is sitting right there, unprotected, with a huge target mark on them for cyber criminals to abuse. Incidents like the LA school district hack of 2022 which leaked 500 gigabytes of data are a reminder of the rising need for stringent cybersecurity measures within the sector. Moreover, the fallout resulting from such attacks further emphasizes the need to safeguard data. Even though most schools refuse to pay ransoms, the expenses accompanying ransomware attacks can range anywhere from $50,000 to $1 million. Furthermore, being forced to shut down schools negatively affects the whole community. In order to prevent this, the industry must take all necessary measures to secure its applications and systems and endeavor to find solutions to any obstacles.

What measures can educational institutions take to protect themselves from cyberattacks?

Educational institutions can take several steps to safeguard themselves against cyberattacks. One effective approach is to conduct attack drills to uncover vulnerabilities in their existing cybersecurity architecture. Once identified, appropriate actions can be taken to address these weaknesses. Given the multitude of devices connected to an educational institution’s network, such as faculty devices, desktops, laptops, kiosks, and personal student devices, protecting this vast landscape is crucial. Measures can include blocking students from accessing malicious websites and educating them about phishing attacks, encrypting and securing faculty devices, and implementing necessary precautions to safeguard campus servers where sensitive data is stored. Additionally, with the growing reliance on cloud-based systems, ensuring robust cloud security is also essential. For those building new systems or revamping existing ones, adopting a zero-trust security framework could be a prudent choice.

The concept of zero-trust might sound daunting for some, but what it essentially means is to never grant continuous trust. Even when a user’s identity is verified, trust should be periodically evaluated. This includes using an IAM for establishing identities, a device management solution for securing endpoints, a network access system like ZTNA for securing remote connections, firewalls as a service for safeguarding the network border and endpoint detection services to observe and detect threats and attacks. While there are many other solutions, these are fundamental for an effective cybersecurity architecture.

What are some of the challenges that are associated with the implementation of the measures mentioned above?

The primary challenge for educational institutions is limited resources. When I say resources, it isn’t just about financial resources but also a lack of cybersecurity expertise. Of course, the limited financial budget is a significant barrier. However, the repercussions of a successful breach, to both capital and image are far worse. Hiring an MSSP (managed security service provider) can help get over this specific obstacle. MSSPs provide cost-effective solutions and expertise that institutions might not have in-house.

Another particularly aggravating challenge is user behavior. Any given school or institute can have hundreds and thousands of students, dozens of teachers, and other non-teaching employees. By falling for phishing schemes, employing weak passwords, or joining insecure Wi-Fi networks, any of them might unwittingly compromise the network. Educating all of them about the dangers of prowling the wild web and showing them how to use the implemented measures to safeguard themselves from such pitfalls is critical in such a scenario.

Could you elaborate on why device management is essential for educational institutions in your capacity as a provider of such a solution?

A comprehensive and safe security architecture can only be attained when devices, users, and the network are equally and collectively secure. Device management solutions, as the name suggests, take care of the devices. More modern device management solutions like our Hexnode, are called UEM (unified endpoint management) solutions. UEMs can cover every endpoint from desktops to laptops, mobile devices, and even IoT devices. With the help of such solutions, institutions can remotely manage and keep an eye on all the devices connected to their network to make sure that they are safe, patched, and up to date. The capability to manage multiple operating systems also ensures that every device, from iPhones to Windows devices to Android mobiles and smart TVs can be secured. Additionally, UEMs may also assist organizations in tracking down stolen or misplaced devices and remotely wiping them to prevent data breaches.

Besides security, such solutions can help manage all the applications on each device and even prevent students from installing unnecessary applications or visiting malicious websites. Although it takes a while for a non-tech-savvy person to get used to it, a UEM can take the load off schools that don’t have dedicated IT departments by providing a single console from which every endpoint can be accessed.

You mentioned the importance of cybersecurity awareness training in protecting educational institutions from cyberattacks. What more can you tell us about this?

Many cyberattacks are effective because they take advantage of people’s vulnerabilities, such as clicking on phishing websites or sharing passwords among employees. Faculty, staff, and

students may benefit from cybersecurity awareness training by learning about the most recent dangers and how to protect themselves. It also aids in fostering a cybersecurity culture inside the organization, where everyone assumes responsibility for safeguarding critical information and systems.

The recent legislation passed in North Dakota makes cybersecurity education mandatory in the state. This is a first in the country and is a huge step towards enlightening students on the dangers in cyberspace and how they can safely navigate them. Such practices along with regular training sessions for teachers and other employees will help cement cyber hygiene as an integral part of today’s digital world.

Apu Pavithran is the founder and CEO of Hexnode, the award-winning Unified Endpoint Management (UEM) platform. Hexnode helps businesses manage mobile, desktop, and workplace IoT devices from a single place. Recognized in the IT management community as a consultant, speaker and thought leader, Apu has been a strong advocate for IT governance and Information security management. He is passionate about entrepreneurship and devotes a substantial amount of time to working with startups and encouraging aspiring entrepreneurs. He also finds time from his busy schedule to contribute articles and insights on topics he strongly feels about. 

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.