A new study reveals gaps in cybersecurity in the workplace around educational institutions in the US
A staggering 59% of employees in the education sector haven’t had cybersecurity training arranged by their current employer, according to a new survey commissioned by NordLocker, an encrypted cloud service provider. This is alarming information as the same survey reveals 61% of education professionals handle confidential data at work.
“Since education is among the top five industries most hit by ransomware, the organizations that don’t train their employees how to identify the potential risks and about the right measures to avoid them are on the brink of falling victim to various cybercriminal activities,” explains Oliver Noble, a cybersecurity expert at NordLocker.
One in five don’t use any cybersecurity tools
The survey reveals that 21% of employees in the education sector don’t use any cybersecurity tools at work. Among those who do use protection on their digital devices, antivirus is the most popular software (60%) followed by a password manager (50%), a VPN (35%), and a file encryption tool (24%).
“With cyber racketeers going after the overwhelming amount of personal student data some education workers have access to, employers who don’t urge their employees to use the necessary cybersecurity tools, or even worse, don’t provide them, are putting their reputation at stake,” says Oliver Noble.
26% would blame their employer for a data breach
When asked who should be responsible if they accidentally caused a data breach in their workplace, the majority of education workers answered with “both the employer and the employee” (47%). However, one in four respondents (26%) would solely blame their company if they were involved in a data breach.
“With the human element being one of the weakest links in a company’s cybersecurity and hackers looking for vulnerabilities to exploit, it’s easy to see why many employees believe their employer should ensure appropriate means to be able to withstand threats,” Noble says.
Four easy-to-implement cybersecurity practices for education employees
- Wi-Fi network security. To limit outside access and restrict breaches to one network at a time, establish separate networks for students, teachers, and even administration staff. All routers should be protected with robust and unique passwords.
- Zero-trust network access. Every access request to digital resources should be granted only after a member of staff’s identity is appropriately verified.
- File encryption. To prevent data leaks in a cyberattack, all documents with staff and students’ personally identifiable information need to be protected. User-friendly encryption services make sure important information stored on the organization’s computers is always protected from prying eyes with strong encryption.
- Awareness. Teachers and administration staff need to have cybersecurity training arranged periodically. Since cyber incidents usually start with a malicious email, awareness and education will help employees recognize phishing scams and avoid downloading malware or sharing sensitive information with impersonators.
Methodology: NordLocker commissioned a survey of 1,500 industry professionals in the US in October 2021.