From education to employment

How remote learning is forcing education institutions to shift their priorities to cyber, not just physical safety

Mark Belgrove, Head of Cyber Consultancy at Exponential-e

The pandemic has catalysed a sharp rise in the number of cyber-attacks. This trend is especially true as malicious actors have been looking to take advantage of the many vulnerabilities exposed by remote learning. For example, it recently come to light that laptops issued to children by the government to support their education over lockdown, had been infected with strain of malware linked to Russian servers.

This shocking news served as a wake-up call for the education sector – a reminder that it is unfortunately a top target for cyber criminals.

In fact, education organisations may have more to be concerned about than businesses. A previous study disclosed a shocking revelation – 59% of UK school and education institutions reported a security breach or attack in the preceding 12 months, compared to just 46% of businesses.

The same study also revealed the threat is much greater in higher education, with 57% of institutions having identified attacks or breaches at least once a week.

In light of this environment, it has never been more important for education institutions to ensure the cyber safety of all their staff and students.

Cybersecurity challenges are evolving

While 98% of schools are using antivirus software, and 99% are using some form of firewall protection, new, sophisticated attacks continue to emerge and prove successful, for which these traditional mitigation methods simply aren’t enough.

Phishing remains the most common form of attack. Its enduring success may be accredited to attackers’ ability to constantly update the fake ‘hooks’ used to fool victims. For example, since lockdown, cybercriminals have used malicious links hiding as video connection app links used for remote learning.

And it’s not just evolving hacking methods we need to be worried about. We’ve seen new methods to take advantage of video conferencing systems. “Zoom bombing” is when an uninvited user gains access to a video call or online class, and while this may seem harmless, it poses a serious threat to everyone’s privacy, and can be highly disruptive to the learning environment. It also runs the risk of students being exposed to indecent content, which was sadly demonstrated in the recent shocking news of a man exposing himself to a group of Year 7 pupils.

How to secure online learning

It’s evident that educational institutions need to adopt a vigorous cyber security strategy that not only takes into consideration the threats we have come to know, but even more importantly, novel threats that we are yet to witness.

The sharp rise in cyber-attacks has already encouraged new initiatives to improve the current state of the sector’s security. For example, The Department of Education (DfE) published a best practise guide for cybersecurity and remote learning. It is also now working closely with the NCSC and education institutions to continually educate on the best approaches for mitigating attacks, as well as what to do when they do occur. The DfE has also mandated that it will implement a formal plan for secure remote learning by September 2021. In the meantime, it is up to education institutions to keep students and staff informed and equipped with the right tools, so that they stay secure when working and learning from home.

In the first instance, IT teams across all levels of education can and should be implementing standard solutions to mitigate risks, for example by securing VPNs and implementing strong firewalls and internet gateways to protect IT networks from attack, unauthorised access, and malicious content.

Education institutions should be going the extra mile though, also considering mandating basic cybersecurity awareness and training for all staff and students to help implement good cybersecurity practices. More sophisticated IT solutions can also be implemented for a multi-layered approach, that secure and validate the identity of all network users, for example identity access management.

Remote learning, a new powerful tool in 2021

While 2020 may have demonstrated just how important cybersecurity is, remote learning has also shown its true potential when it comes to creating new channels for education. 

This bodes well for the future. However, as with any innovation, this also creates a more complex landscape for threats and mitigating them. Education institutions therefore need to adopt a sophisticated and multi-layered approach to security, one that is tailored to the systems, tools and materials used by students and staff.

A year on from our first lockdown, short-term security solutions have served well and protected many organisations from attack. But now is the time to consider long-term solutions that support a future of hybrid learning.

Mark Belgrove, Head of Cyber Consultancy at Exponential-e

Related Articles

Promises, Possibilities & Political Futures…

Tristan Arnison discusses the main UK parties’ education policies for the upcoming election. While specifics vary, common themes emerge around curriculum reform, skills training, and…