The pandemic has left behind a level on uncertainty for many, and for students in particular. Schools, colleges and universities were forced to close for extended periods of time. Physical contact hours were replaced with virtual learning, while the university aspirations of many are now in question as institutions are making fewer offers as a result of budgetary constraints. Video meetings and collaboration platforms have been a lifeline over the past year, but this has made educational institutions vulnerable to the rising cybersecurity threat landscape.
A single data breach costs £3.1 million on average. The impacts from the pandemic have meant that education facilities cannot afford the severe financial and reputational repercussions from a successful ransomware attack. Students’ learning environments must remain productive both on and offline, as a matter of priority. The threat must be taken seriously as breaches are becoming all too common, and IT leaders and educational institutions need to act quickly to secure their data.
What is the risk?
The education sector is facing a wave of cybercrime as hackers look to harvest sensitive data for financial gain. In the past few months alone, the universities of Portsmouth, Northampton, and Hertfordshire have all fallen victim to separate attacks forcing them to close campuses and cancel lessons. What’s more, recent government findings found over a quarter (26%) of further education colleges experienced at least one breach or ransomware attack per week last year.
The impact of these attacks can be considerable, with a third of institutions having experienced a loss of control, money or data as a result. Not only this, but cyber-attacks are a severe drain on resources, owing to the significant amount of recovery time needed to re-enable critical services. Recent incidents affecting the sector, for example, have led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing. Clearly, the consequences of these attacks could be severe not only for the establishments that fall victim, but for any students and faculty affected.
The preventable mistakes
All too often, the origin of a breach can be traced back to simple slip-ups in online security posture. Over the past year, we’ve seen a rise in phishing emails where recipients are encouraged to open malicious files or links containing ransomware. Here, it’s up to the CIOs, CISOs and IT teams at educational institutions to provide students and staff with guidance around the tell-tale signs that constitute a likely breach attempt.
With the NCSC recently revealing millions were using their pets’ names as their password, it will come as little surprise that hackers are also regularly exploiting weak passwords. Personal information like this is often readily available on social media, where cybercriminals can find the details most commonly used in passwords and employ trial and error techniques to gain access to a user’s account.
Elsewhere, IT teams continue to be plagued by simple, yet avoidable security mistakes like password reuse. Our recent research revealed the average person uses the same password across four accounts in their personal and academic lives – while we’ve all grown accustomed to hearing news of data breaches, people fail to understand how easily their details could end up for sale on the dark web. This level of complacency not only puts the guilty offender’s details at risk, but could also have knock-on effects to others whose details are stored on exposed databases.
Safe learning is for everyone
The weakest link in any organisation’s security chain? People. Nearly 7 out of 10 people (68%) confess their passwords across different online accounts are similar. IT teams cannot afford this risk to sensitive data. Thankfully, technology is here to help reduce password friction and the probabilities of student and faculty records becoming at risk.
The easiest way to eliminate password-related security risks is during the log-in process for end users. Enterprise password managers can store countless credential in an encrypted, secure vault. Furthermore, protected password sharing capabilities help departments manage changing credentials more efficiently when there are staff changes. From there, multi-factor authentication (MFA) and single-sign-on (SSO) capabilities help to bolster security even further.
The pandemic has considerably increased online security, and IT teams must take charge across all aspects of security. Promoting strong security practices across campuses and using password management solutions to add additional layers of security will put overburdened IT teams’ minds at ease by knowing their data remains secure. With recent attacks leading to outages of critical learning resources and cancelled classes, concrete cybersecurity practices need to be implemented to create productive learning environments. IT teams, students and faculty need to work cohesively to increase security awareness and secure the next cohort of virtual learners.
By Dan DeMichele, VP Product at LastPass by LogMeIn