By Sunil Sharma
In 2020, it’s safe to say that we’ve certainly come a long way from considering technology to be a novelty, to integrating into every aspect of the educational system. What brought on this change was largely the COVID-19 pandemic, which necessitated the shutdown of schools and educational institutions across the country. Today, online classes are a norm, and not an exception, making them prime targets for cyber attackers.
In addition to regular security challenges faced, the new complexities stemming from COVID-19 are offering cybercriminals tailor-made opportunities for attacking school networks, and giving education institutes even more security challenges that need to be addressed to keep students and their data safe and secure.
Here are some of the challenges that educational institutes can face:
Phishing scams
We’re seeing an uptick in coronavirus related phishing scams, and so the chances of phishing emails making their way into the inboxes of teachers, administrators, and students is consequently high. Staff must be provided with comprehensive guidance that allows them to identify such emails. It’s critical to deploy advanced email security that blocks phishing emails, prevents data loss, encrypts email, and offers comprehensive protection against phishing.
Advanced malware attacks
As students and teachers spend more time online during coronavirus lockdowns, they are susceptible to inadvertently becoming victims of an account takeover, by unintentionally or carelessly sharing their information with cybercriminals. This allows criminals to log in to your school’s network, launch a ransomware attack, and take control of sensitive student data.
Shortage of skilled IT security staff
This is a challenge not unique to schools, but lack of skilled IT staff particularly leaves a school network susceptible to threats. Schools are shut down to control the spread of the pandemic. At most, there’s a skeletal staff at work, or else everyone is working from home. When this happens, who takes charge of your school’s IT security needs? Schools can find themselves with no one pushing network security, device management, and endpoint security policies. Critical reports identifying risky users, or which offer more information about regulatory compliance might not be leveraged effectively. This can give cybercriminals an opportunity to exploit weaknesses in your cybersecurity infrastructure to infect the network.
While these are just a few of the main attacks educational institutes are vulnerable to, it is equally important to understand the measures you can adopt to safeguard your network and its data. Below are some of the steps you can take to protect your institute from cyberattacks:
Managed threat response services
Having a team of cybersecurity experts on board, should not be seen as an expense, but rather an investment in your school’s safety. With the services of an expert team, they will deliver threat hunting, detection, and response services 24/7, so that you don’t have to. You don’t have to worry about spotting suspicious behavior or whether your cybersecurity configuration is on point because the team manages all security needs for your education institute.
Use of firewall security
For maximum safety, schools must deploy a next-gen firewall that detects and blocks ransomware at the gateway, and also prevents its lateral movement. Firewalls that offer built-in support for IPsec and SSL VPN connectivity, give schools the option to choose either or both, for secure remote connectivity. Additionally, through the uses of SD-WAN which is integrated in a firewall, schools can remotely connect with each other to securely share information between sites, and achieve consistent performance and availability for cloud applications. Synchronised security is also possible, which identifies if a remote device is infected and isolates it till it is cleaned, thus preventing the infection from spreading across the network.
Antivirus and web filtering
Unless your network of teachers and students are using a VPN, you will need to ensure their online safety, through web filtering rules which are set by your organisation. Through the use of a licensed antivirus, you will be able to block access to inappropriate websites, stop risky files from being downloaded, and provide category bases web filtering for Chromebooks and iOS devices. Phishing can also be prevented using advanced endpoint protection technologies to stop the attack chain and predictively prevent such attacks, features should also include automatic roll back to pre-altered state if files are encrypted. This will help protect data if students or teachers are using school-supplied laptops or tabs.
As Coronavirus cases continue to increase, there is a lot of uncertainty if schools and educational institutions will ever go back to functioning as they did earlier, or if an entirely tech-driven approach will become the new normal. Taking this into consideration, it is imperative for educational institutes to adopt cybersecurity solutions to maximise their safety.
(The author is Managing Director – Sales, Sophos India & SAARC)