One thing the pandemic has highlighted about institutions of learning is how much they fall behind on matters of cyber maturity. 2020 made it clear how susceptible the entire education sector was after a cyberattack forced the University of California, San Francisco, to pay hackers 1.14 million USD. The security gap is not a U.S. issue alone, as school districts from North America to Asia have fallen victims to ransomware and cyberattacks.
Remember, schools don’t simply hold learning data. They store sensitive information, including social security numbers, contact addresses, and financial and medical information for students and faculty members.
An article in the Wall Street Journal in September revealed that Clark County Schools District in Las Vegas fell victim to a cyberattack when hackers posted information on 320,000 students and faculty on their website. This exposure happened after the institution failed to pay a ransom.
The Toledo Ohio Public Schools suffered a more catastrophic cyberattack when hackers published sensitive information such as dates of birth, disability details, exam grades, and even listed information of foster children.
These examples are but a few that prove why schools must take a more proactive approach.
Access and Basics of Cybersecurity in the Education Sector
The EDTECH Leadership Survey report revealed that only 23% of IT leaders in this sector had employed a full-time IT security staff despite citing that cybersecurity was top priority. For this reason, many institutions have to begin with the basics.
Limiting access is the first step in securing systems. Essential questions to ask include:
- How many people have access to the school’s data?
- What platforms exist?
- Do the people with access require it in the first place?
- Is the data accessible remotely or onsite?
There are three steps institutions should take to address access to sensitive information.
- Secure the “crown jewels.” Privileged Access Management (PAM) is necessary to limit access to sensitive information, promote traceability, protect passwords, and safeguard onsite and remote logins.
- Install anti-ransomware software. Endpoint Privilege Management (EPM) is critical for that additional layer of defense against viruses and malware.
- A vital step to secure all activities, including standard and privileged access, involves centralizing applications and user IDs. Such a move is possible through multifactor authentication and identity federation.
Institutions can then progress to master access concepts like the Zero Trust approach and the Principle of Least Privilege.
Securing Learning Institutions Requires a Take-Charge Approach
Recent years have proven that cybersecurity isn’t solely for the workplace but all sectors, especially Education. And with cyberattacks on the rise, all leaders must take practical steps, specifically securing access to bolster their cyber maturity.
About Atlantic, Tomorrow’s Office
Atlantic is an award-winning office technology and IT solutions company providing Imaging Products, IT Support, Document Management, Cybersecurity and Managed Services to small and large companies in the New York City metropolitan area, and the Greater Philadelphia and Delaware Valley.
For the latest industry trends and technology insights visit ATO’s main Blog page.