From education to employment

Secure Learning: Five best practices for data protection in the education sector

Tim Bandos, VP of Cybersecurity at Digital Guardian

The coronavirus pandemic has caused unprecedented disruption across a wide range of industries, but nowhere more so than the education sector. With many schools and university campuses shut for indefinite periods of time, teachers have had to rely on online teaching methods such as emails, videoconferencing and collaboration tools, in order to minimise disruption to their students’ learning.

However, with a significant number of educational institutions ill prepared and inexperienced in such remote working practices, they’ve quickly become the target for criminals and hackers looking to infiltrate their networks and steal the wealth of sensitive personal data contained within them. In order to combat this, these institutions must ensure they’re doing their utmost to follow IT security best practice wherever possible.

Below are five top ways of doing so, ranging from ‘simple but effective’, to the latest technology-based solutions that can help detect and prevent a huge number of attempted cyber-attacks and keep sensitive data protected.

1)     Conduct regular cyber-security training for all faculty members

It’s much easier to spot an attempted cyber-attack if you know what to look for, which is why regular cyber security training is essential.  Many cyber-attacks begin with social engineering and/or phishing emails, and with the volume of email traffic between teachers and students exponentially higher at the moment, it could be much easier for someone to carelessly click on a compromised link or attachment. Not only is regular training an extremely cost effective way to boost cyber security and data protection, it also helps keep employees up to date on the latest attack methods, which is key to staying one step ahead of attackers.

2)     Ensure all staff are using unique passwords for each online account

Re-using the same old passwords/credentials (or slightly modified versions) across different accounts is always a major security risk. Should an attacker manage to get hold of one set of credentials (e.g. a teacher’s Zoom login) they’ll quickly attempt to use them to access multiple other accounts (such as cloud storage drives, Windows credentials, etc.), which can lead to a more serious breach that’s much harder to contain. Thankfully, a small change in staff behaviour, combined with regular password expiry protocols, can quickly mitigate this threat. Good password discipline is something that should be covered as part of regular security training to keep it top of mind for everyone.

3)     Ensure operating systems and software are kept up to date on all IT equipment

This is a tip you’ll hear time and time again from security professionals, but for good reason. Operating system and software updates are not only important from a functionality standpoint, they also contain critical security updates that patch vulnerabilities. Where possible, enable automatic software updates to streamline the process and ensure you (and your staff) are always up to date. Leaving devices unpatched is a major gap in any organisation’s security posture and should be avoided at all costs.

4)      Consider utilising data protection software on faculty IT devices

Despite its widespread popularity and usage, traditional antivirus software only offers a baseline protection against well-known malware. This is simply not enough to stop many attackers, who use more sophisticated methods to penetrate systems and steal sensitive data. For more comprehensive protection, consider using data protection software that resides on the kernel level of endpoint devices and provides full visibility of all data being accessed and transmitted. The software should have the capability to fully lockdown confidential data, both structured and unstructured, and place enforcement policies on it to completely prevent it being removed from the IT environment it resides in without permission.

5)     Keep an eye out for suspicious user activity

Monitoring user behaviour for suspicious activity is one of the quickest ways to detect a security breach before it can cause major damage. If suspicious activity is identified (e.g. a teacher from the languages department accessing sensitive/confidential files from the science department, or the same login credentials being used on multiple devices at odd hours of the day), all parties involved should be notified immediately. Even with other forms of data protection in place, vigilant monitoring is still often the fastest way to identify a compromised account.

The ongoing pandemic has forced many organisations across the education sector to completely change their way of working in an incredibly short period of time, switching from traditional classroom based learning to e-learning, almost overnight.  Doing so has left many of them exposed to a wide range of cyber-attacks from both internal and external threats, putting sensitive data at risk. Fortunately, by following the best practice tips laid out in this article, many of the threats can be minimised, allowing teachers to get on with doing what they do best – educating and inspiring their students.

Tim Bandos, VP of Cybersecurity at Digital Guardian 

Tim Bandos, CISSP, CISA, CEH is an expert in incident response and threat hunting. He has over 15 years of experience in the cybersecurity world and has a wealth of practical knowledge gained from tracking and hunting advanced threats that targeted stealing highly sensitive data. A majority of his career was spent working at a Fortune 100 company where he built an Incident Response organization and he now runs Digital Guardian’s global Security Operation Center for Managed Detection & Response. 

Related Articles