Creating secure learning environments for all

The pandemic’s disruption has left students feeling uncertain for their futures. Schools were forced to close doors for the most part of a year, and home-schooling and virtual classes replaced physical contact hours. The hopes of university for thousands rested on the decision of an algorithm until a last minute U-turn. Technology has been key to helping schools maintain some semblance of normality over the past year. However, even educational institutions have not been able to escape the risks of cyber-attacks in the new landscape.
Successful ransomware attacks do not come cheap. The average data breach costs over £3 million, and won’t just affect institutions financially but also hinder their reputations. Maintaining productivity levels in the virtual world was the priority as disruptions continued. The new learning environments had to be as close to what they were in the physical classroom. But as breaches continue to affect schools, IT leaders need to understand the risk and ensure appropriate actions is taken to secure data.
The threat is real
The education sector is facing a wave of cybercrime as hackers look to harvest sensitive data for financial gain. March saw the fourth cyber-attack of its kind on the Harris Federation, which led to emails and devices that had been given to students being temporarily disabled. In another similar attack in the US, hackers demanded $15m from an institution, proving just how ruthless they can be. Not only this, but recent government findings found nearly a quarter (24%) of secondary schools had faced at least three breaches over the last 12 months.
The impact of these attacks can be considerable, with a third of institutions having experienced a loss of control, money or data as a result. Not only this, but cyber-attacks are a severe drain on resources, owing to the significant amount of recovery time needed to re-enable critical services. Recent incidents affecting the sector, for example, have led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing. Clearly, the consequences of these attacks could be severe not only for the establishments that fall victim, but for any students and faculty affected.
Complacency increases risks
All too often, the origin of a breach can be traced back to simple slip-ups in online security posture. Over the past year, we’ve seen a rise in phishing emails where recipients are encouraged to open malicious files or links containing ransomware. Here, it’s up to the CIOs, CISOs and IT teams at educational institutions to provide students and staff with guidance around the tell-tale signs that constitute a likely breach attempt.
With the NCSC recently revealing millions were using their pets’ names as their password, it will come as little surprise that hackers are also regularly exploiting weak passwords. Personal information like this is often readily available on social media, where cybercriminals can find the details most commonly used in passwords and employ trial and error techniques to gain access to a user’s account.
Elsewhere, IT teams continue to be plagued by simple, yet avoidable security mistakes like password reuse. Our recent research revealed the average person uses the same password across four accounts in their personal and academic lives – while we’ve all grown accustomed to hearing news of data breaches, people fail to understand how easily their details could end up for sale on the dark web. This level of complacency not only puts the guilty offender’s details at risk, but could also have knock-on effects to others whose details are stored on exposed databases.
Securing the next cohort of virtual learners
Security is often hindered by human slip-ups. Over half (52%) of us have admitted that we’d forget our passwords if they weren’t written down, but IT teams cannot afford this risk to sensitive data. Technology is on hand to reduce password friction and limit the chances of student and faculty records falling into the wrong hands.
Enterprise password managers, for example, can store an unlimited number of log-in details in an encrypted, secure vault and remove the need to write down passwords or rely on autofill. When teams undergo structural changes, password managers can simply share and manage access securely. Single sign on (SSO) and multifactor authentication (MFA) also provides added layers of security and allows staff to seamlessly login. 
The pandemic has meant institutions are more at risk to online security threats than ever before, and IT teams need to be in control at all times. With security hygiene under the spotlight, password management solutions can help relieve stresses of overburdened IT teams and bring peace of mind that their institution’s data remains secure. Solid cybersecurity defences will mean classes can continue as usual without the fear of being affected, providing a productive learning environment for students. IT departments, students and faculty must work as teams to improve security awareness, and ultimately secure the next cohort of virtual learners.