Over one million cyberattacks targeted the UK’s Open University from January to September in 2020 alone. Schools all across the US are also experiencing massive ransomware attacks that force systems to shut down. These are just a couple of recent events that show how serious the problem tormenting the education sector is.
“Due to the global pandemic, remote learning is gaining momentum, and so is malicious cyber activity. Unfortunately, educational institutions were not ready for this,” says Oliver Noble, a cybersecurity expert at NordLocker, an encryption-powered data protection solution.
What makes the education sector so attractive to hackers?
The COVID-19 pandemic has forced many students to shift to remote learning, which can’t guarantee security and privacy. According to Oliver Noble, the chaos provides hackers with new ways to attack students and teachers: for example, online classrooms get “zoombombed” by disruptive outsiders. “There’s also an increase in phishing emails that trick students and their parents into giving away personal information to hackers who impersonate school staff,” says the expert.
Schools and universities usually lack digital protection, and their systems might run on outdated software. “Hackers look for the weakest link, and unpatched vulnerabilities in an organization’s system or unsecured Wi-Fi networks don’t usually take long to find,” Oliver Noble warns.
You might think — why would a hacker need some student’s information? A student’s stolen Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. This is very appealing to hackers who sell stolen credentials and PII (personally identifiable information) on the dark web.
What practical measures can educational institutions take to protect themselves?
According to Oliver Noble, to protect the data of their students and employees, schools and universities should implement the following:
- Secure Wi-Fi network. Students, teachers, and even administration staff should operate on separate networks to limit access and restrict breaches to one network at a time. Hide names of administrative networks from lists of available connections and protect all routers with strong and unique passwords.
- Adopt zero-trust network access, meaning that every access request to digital school resources by a member of staff should be granted only after their identity has been appropriately verified.
- Encrypt files with staff and students’ PII to avoid data leaks in ransomware. User-friendly encryption solutions like NordLocker make sure important information stored on the organization’s computers is always protected from prying eyes with strong encryption. The tool also offers a private encrypted cloud for easy access and secure data storage.
- Have up-to-date backups available to keep the chances of data loss as slim as possible. If an attack is successful, there will still be an unaffected older version of the files. Again, a cloud solution for schools is a great way to back up data.
- Educate teachers and administration staff on cybersecurity. Since ransomware attacks usually start with a phishing email, awareness and education will help employees recognize phishing scams and avoid downloading malware or sharing sensitive information with impersonators.
- Use a VPN for a safe internet connection. To avoid outside risks, teachers and administration staff need a secure connection, and here’s where a VPN (Virtual Private Network) comes into play. It creates a secure encrypted tunnel between an employee’s device and the internet. A VPN protects the connection from third-party access, including hackers ready to breach the system.