![\"\"](\"https:\/\/education-today.co.uk\/wp-content\/uploads\/Screenshot-2024-04-26-144627-277x300.png\")
Comment by OLI VENN, SE Manager, Northern Europe at WatchGuard Technologies<\/p>\nComment by OLI VENN, SE Manager, Northern Europe at WatchGuard Technologies<\/p>\n
It seems like almost every time you read the news, there\u2019s a piece regarding another cyberattack on a school or educational institution.<\/p>\n
Schools and educational institutions can make for easy targets for malicious hackers for several reasons. The cybersecurity threat to the UK education sector is considered significant and growing. The sector is increasingly reliant on digital technologies for teaching, learning and administration, exacerbated by the need for rapid pivoting to new technologies in recent years due to the pandemic.
\nSeveral factors contribute to heightened cyber risk in this sector:<\/p>\n
Valuable data <\/strong> Resource constraints <\/strong> Increased attack surface <\/strong> Ransomware threats <\/strong> Improve defences <\/strong> Update and patch systems <\/strong> Secure configuration <\/strong> Multi-Factor Authentication (MFA) <\/strong> Firewalls and endpoint security <\/strong> Implement strong and secure Wi-Fi <\/strong> Cybersecurity frameworks <\/strong> Collaborate<\/strong> Professional support <\/strong> Awareness training <\/strong> Incident response planning <\/strong> Adopting a unified approach to cybersecurity <\/strong> To find out more, please visit: Comment by OLI VENN, SE Manager, Northern Europe at WatchGuard Technologies It seems like almost every time you read the news, there\u2019s a piece regarding another cyberattack on a school or educational institution. Schools and educational institutions can make for easy targets for malicious hackers for several reasons. The cybersecurity threat to the UK education …<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,4],"tags":[],"class_list":["post-16268","post","type-post","status-publish","format-standard","","category-computing","category-news"],"_links":{"self":[{"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/posts\/16268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/comments?post=16268"}],"version-history":[{"count":1,"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/posts\/16268\/revisions"}],"predecessor-version":[{"id":16270,"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/posts\/16268\/revisions\/16270"}],"wp:attachment":[{"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/media?parent=16268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/categories?post=16268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/education-today.co.uk\/wp-json\/wp\/v2\/tags?post=16268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nEducational institutions hold large amounts of sensitive data, including personal information about students and staff, research data and financial records, making them attractive targets for cybercriminals.<\/p>\n
\nEspecially in primary and secondary education, there are often limited budgets and a lack of in-house expertise dedicated to cybersecurity, making these institutions more vulnerable to attacks.<\/p>\n
\nThe widespread adoption of online learning platforms, digital tools and remote access technologies, accelerated by the COVID-19 pandemic, has expanded the attack surface and introduced new vulnerabilities.<\/p>\n
\nEducation establishments have become notable targets for ransomware attacks, with attackers betting on the urgency and pressure these institutions face to restore access to educational materials and operational data. The sector faces special pressure as there is the implicit and explicit agreement and expectations that our children will be kept safe \u2013 and that safety must extend to online and digital environments. Our aim should be to protect sensitive information and systems – but also ensure the continuity of educational services in the face of growing cyber threats.<\/p>\n
\nThe education sector can rapidly enhance its cyber defences through a multi-layered approach, focusing on immediate improvements and setting the groundwork for long-term resilience. You should conduct an urgent cybersecurity assessment to identify vulnerabilities in the school\u2019s network and systems. When choosing who might conduct a cybersecurity assessment, consider the complexity of the network, sensitivity of the data held and potential impact of cybersecurity threats. Regardless of who conducts the assessment, it should be thorough, cover all aspects of cybersecurity (including policies, practices, and technical defences), and result in actionable recommendations. You have a range of possibilities here, from your in-house IT team to external cybersecurity consultants, specialised cybersecurity auditors, technology vendors, government or educational organisations or peer networks.<\/p>\n
\nToo often, we hear hackers gained entry to a network simply because of an unpatched vulnerability. Outdated software and IT appliances that don\u2019t get the necessary patching, upgrades and maintenance can be a source of vulnerabilities. Ensure all your network software and systems are up to date with the latest security patches.<\/p>\n
\nApply secure configurations to all devices and networks. This includes disabling unnecessary services, protecting sensitive data and ensuring proper access controls are in place.<\/p>\n
\nImplement MFA wherever possible, especially for accessing important systems and information. This adds an extra layer of security beyond just passwords, such as a physical token or key. Look for a solution with optimal user experience that makes it easy to enable authentication.<\/p>\n
\nInstalling robust firewalls protects your network perimeter. Adding Web Blockers with URL Filtering blocks web-based malware, helps ensure secure remote connectivity, and provides tight control over web surfing. Ensure all devices are protected with up-to-date antivirus software and consider adding EDR capabilities for continuous monitoring that prevents the execution of unknown processes.<\/p>\n
\nWi-Fi in educational institutions is often critical to enable learning and teaching duties. To deliver secure Internet access, focus on private networks and access points that can handle density without risks. Consider Cloud-managed Wi-Fi solutions for optimised performance, greater visibility, and reporting.
\nBackup and recovery plans <\/strong>
\nRegularly back up data and systems, and ensure these backups are stored securely off-site. Develop a comprehensive disaster recovery plan that includes procedures for restoring data and systems in the event of cyberattack.<\/p>\n
\nAdopt recognised cybersecurity frameworks and standards, such as those from the NCSC. These provide helpful best practices and guidelines for improving cybersecurity posture.<\/p>\n
\nParticipate in information sharing and collaboration platforms, such as regional and sector-specific cybersecurity groups. These can provide valuable insights into emerging threats and best practices.<\/p>\n
\nConsider hiring a cybersecurity firm or consultant to provide expert advice and support. They can help in assessing vulnerabilities, enhancing defences and training staff.<\/p>\n
\nIt\u2019s well noted that many attacks occur because of vulnerabilities in the \u2018wetware\u2019 \u2013 us humans. Sophisticated attackers know how to use malicious email techniques, for example, to get passwords and sensitive information from oblivious team members, who are frequently coerced into divulging information without realising what\u2019s happening. Implement regular cybersecurity awareness training for all staff and students, focusing on the importance of strong passwords, recognising phishing attempts, and safe internet practices. Educate teachers, employees and administrators about social engineering attacks to limit risk. Key security awareness education should include:
\n\u2022 Detecting phishing attempts
\n\u2022 Using email security best practices
\n\u2022 Avoiding weak or exposed passwords
\n\u2022 Reporting incidents to the IT department<\/p>\n
\nDevelop and test an incident response plan that outlines the roles, responsibilities and procedures for responding to a cyber incident. This should include communication strategies both internally and with external stakeholders. If your school or institution has been breached, report it to the appropriate authority, such as Action Fraud, the National Cyber Security Centre (NCSC), Information Commissioner\u2019s Office (ICO) or Local Authority. Bringing issues to public officials\u2019 attention can create additional opportunities to deliver greater funding or resources, helping educational institutions receive the support they need to optimise cybersecurity.<\/p>\n
\nManaging the IT systems for any educational institution is no small endeavour. The education sector needs security solutions that empower educators to deliver an inclusive learning experience. Access control, asset protection, identity security, and securing endpoints are only a few of the solutions required to enable a reliable learning environment. Disconnected security is no longer an option in the sophisticated threat landscape of 2024. Educational institutions need to adopt a unified and simplified approach to security.<\/p>\n
\nwww.watchguard.com<\/p>\n","protected":false},"excerpt":{"rendered":"