From education to employment

Cybersecurity Lessons: How the education sector can swot up


Schools, colleges and universities are a prime target for hackers, Conor O’Neill, Co-founder and CEO of OnSecurity, a UK-based cybersecurity company that specialises in Penetration Testing, says. Below are the main areas educational establishments should consider to maximise their cyber security.

Schools, colleges and universities are prime targets for hackers due to the volume of sensitive data they store. This data ranges from student information such as name, address and date of birth to health and medical records such as allergies and preferred treatments. And that is just student information: schools and educational establishments will also hold academic records, special education information, financial records and performance evaluations.

Hackers are itching to access this data. According to the official government website, higher education institutions had the highest percentage of identified breaches or attacks in 2023, with 85% falling victim. They were followed by further education colleges (82%) and secondary schools (63%).

Further and higher education institutions were more likely to have experienced a wider range of breaches and attacks than primary schools or early years businesses. A higher proportion of these institutions identified impersonation, viruses or other malware, denial of service attacks, and breaches or attacks that fall into another category.

So, what will happen if your school becomes the victim of a cyberattack?

  • The trust between you, the students and the parents could be damaged if any of their sensitive data has been put at risk
  • Reputational damage will occur and prospective teachers might look for work elsewhere if the cyber attack is reported to a local news outlet – teachers might not be willing to share their information with your school if they hear about the risks
  • You’ll face a host of regulatory obligations and potentially a huge bill to pay

How can the education system improve its security?

1) Implement Robust Attachment Policies

One of the biggest weak points within educational organisations is the number of attachments flowing through the business, such as awards and recognitions, credentials and certifications, and teacher evaluations and observations. These can often be from unknown sources, and teachers will click links or open attachments without a moment’s thought.

We highly recommend implementing file scanning for all attachments, as well as offering wider education about suspicious links.

2) Educate and train staff

One of the best ways to ensure teachers are protected against cyberattacks is to raise awareness of the risks. Try educating and training your staff through emails, newsletters, presentations and workshops.

3) Use a strong password policy

Often, at schools, colleges and universities, IT is responsible for creating passwords, which then typically never get changed.

Introducing a strong password policy is a quick and easy way to protect yourself, your school and your teachers from cybercrime. Make sure all passwords are unique and contain a combination of letters, numbers and special characters. It is important to never use the same password for multiple accounts – if you do, then hackers will only need one password to access all of your accounts and the data they hold.

Always change or delete a user’s credentials when they leave the business.

4) Implement Two-Factor Authentication

Using Two-Factor Authentication is a great way to protect any confidential data in your network. Two-factor authentication works by asking users to provide two pieces of information to access an account. Common factors are a combination of something the user knows (such as a password) and something the user has (such as a smartphone). For example, instead of immediately gaining access to their accounts with a password, teachers and all other staff will have to provide a second piece of information (such as a code sent to their smartphone) to confirm their identity. Implementing Two-Factor Authentication acts as a second layer of protection and will help protect the sensitive information of students, parents and teachers.

6) Check your network security for vulnerabilities

Identifying and patching weak spots in your network security is vital for protecting your company. Weak spots in your network will be the first targets for cybercriminals, so it is important to assess your network regularly. Utilising vulnerability scanning tools to identify these spots will help remediate them efficiently and ensure they don’t go unnoticed in the future.

7) CRM logs and Privileges

It’s not unknown for disgruntled teachers to download data to take to another organisation. There is no need for most users to be able to download copies of your data. Preventing this is harder if you are operating from spreadsheets, as it becomes difficult to track user activities.

We therefore recommend investing in a secure CRM solution with robust access privileges and logging options.
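What reviewing such logs can look like, as an added Python example that is not part of the original article. The log layout, user names, export threshold and leavers list are all constructed for illustration and do not reflect any particular CRM product.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log; the column layout is an assumption.
SAMPLE_LOG = """timestamp,user,action,records
2024-03-04T09:12:00,a.khan,view,1
2024-03-04T09:15:00,a.khan,export,12
2024-03-04T16:58:00,j.doyle,export,450
2024-03-04T17:03:00,j.doyle,export,700
2024-03-05T08:30:00,m.lee,view,3
2024-03-05T21:40:00,r.former,login,0
"""

EXPORT_LIMIT_PER_DAY = 200  # assumed threshold; tune to normal usage
LEAVERS = {"r.former"}      # constructed: accounts that should be disabled


def review(log_text, limit=EXPORT_LIMIT_PER_DAY, leavers=LEAVERS):
    """Return findings for bulk exports and for any activity by leavers."""
    exported = defaultdict(int)  # (user, day) -> records exported that day
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        day = row["timestamp"][:10]
        if row["user"] in leavers:
            # Credentials of someone who has left are still in use.
            findings.append(("leaver_activity", row["user"], day, row["action"]))
        if row["action"] == "export":
            exported[(row["user"], day)] += int(row["records"])
    for (user, day), total in sorted(exported.items()):
        if total > limit:
            # Several smaller exports on one day are added together.
            findings.append(("bulk_export", user, day, total))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The per-day total matters because two exports of 450 and 700 records would each look unremarkable next to a per-request limit set higher than either.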
