Want to know the number one industry being targeted by cybercriminals? It is, unfortunately, education. It is particularly disturbing that they are preying on a sector that exists for the enrichment of young minds, but as we know, they do not discriminate.
When COVID took over and we saw devastation, cybercriminals saw opportunity. At the height of the pandemic, cyber attacks increased by 300% to the point where the global cybercrime industry is worth $600 billion. They are still trying to do everything in their power to steal your precious data, only now, it is even easier for them to get access to it.
Schools are facing a diabolical data situation in the current technology environment because data now is now housed across a broader range of cloud-based servers, school-based devices and BYOD (personal) devices. During COVID, many organisations were forced to relax their firewall policies and to enable remote access for WFH environments. In the case of schools, remote access was needed to facilitate virtual learning for millions of students and teachers.
Any schools that were not working on cloud-based servers were quick to migrate across in the last few years using platforms such as Google or Microsoft Azure. Something administrators may not have realised during this migration is that while major platforms have their own security measures in place, they are not responsible for the protection and control of that data. The onus lies with the school to avoid data falling into the wrong hands.
Working out a plan to protect data within a network seems straightforward enough, but what happens when that network has no visible parameters? And how do you contain the elements within something if you don’t know where they are being kept? This is where outsourcing your IT security can be of real value. When you have a body of students numbering into the thousands and hundreds of staff accessing your network from many locations, it’s important to know where your most important data is being accessed.
Map out your data
You can’t protect what you don’t know you have. Not surprisingly, most schools don’t have a great handle on where all of their data is. This is generally because the IT departments in schools are under-resourced.
Data and application mapping can be of immense value to gain a thorough understanding of what data is where, and who has access to it. The data mapping process will equip your school with a digital masterplan so you have a detailed reference of data locations across your network. This could be in public-cloud locations, on-premises, within secure virtual locations and held within dedicated software applications.
Data mapping can also shine a light on Shadow IT. This refers to the use of systems, software, devices and applications that do not have school or department approval. Shadow IT has grown in the last few years with the high level of cloud-computing migrations. For example, network users may want to share information, but when they can’t share from within the system, they’ll work around this by downloading information to a private dropbox or personal drive. Control over the data is then lost.
Once you have a data masterplan that reveals your data locations, you can build a policy and increase awareness around data compliance violations. This will greatly reduce the risk of untracked data being leaked or exposed so you can protect the identity of your students, maintain your security posture and avoid a potential ransom attack.
Extend your cybersecurity resources
To keep the leadership team content, we find most internal IT department leaders will relay that ‘everything is fine’ when asked for a cybersecurity status update. In reality, organisations should hope for the best, but plan for the worst. No one is immune to a cyber attack target and through experience, we have found IT leaders can underestimate their ability to respond. Given the tightening of the labour market, it is also becoming harder for schools to attract high-quality IT talent.
We can’t overemphasise the ways in which cybercrime is becoming increasingly complex and sophisticated. Even the most seasoned IT professionals may not be aware of these extreme threat levels and the reality of today’s risk. Given most IT departments in schools make up a small percentage of the staff body, their time is mostly assigned to daily operations. They do not have the capacity to constantly maximise cybersecurity resilience. It’s the duty of an external IT partner to understand how threats are evolving and how your school’s capability responds over time.
Extending your IT department outside the limitations of your school can ensure your cyber resilience is at peak performance. This includes identifying and addressing any weaknesses in your school’s cyber defence, monitoring systems for unusual activity and developing a clear and effective disaster recovery plan.
The truth is, even the most sophisticated organisations can be hacked, so seeking outside expertise may just be the difference between deflecting an attack or becoming the next cyber victim.
Assess your cybersecurity online with NetStrategy
Get an instant insight into your risk level with our cybersecurity self-assessment tool.