4 foundations for increasing student data security
Cyber attacks and data breaches are often perceived as something that happens to someone else. However, PrivacyRights.org calculated that there have been 11 billion records involved in public data breaches in recent times – exceeding the global population by almost 50 per cent.
Education providers need to be vigilant in this environment. While not a traditional target for those seeking treasure troves of valuable data, the move to remote learning during Covid-19 has focused more attention on the data risk posed by hackers, internal fraud or even state-sponsored actors.
There are four foundations educators can use to ensure they are always ready for what’s coming.
1 Understand the threats
The threat landscape facing educators is constantly in flux. From the increasing sophistication of external phishing attacks (including ‘social engineering’ attacks on high value actors) to emerging threats like malvertising on Facebook feeds or even fraud from internal actors, educators are open to threats from a wide range of sources that are employing creative techniques to access data.
This means educators need to pay more attention to understanding the threats they face. Are the passwords across your business protected by Multi-Factor-Authentication? Are employees aware of the variety of threats they may face, including suspicious emails and SMS messages? What has your organisation done to protect against phishing or ransomware? Understanding threats is step one.
2 Engage your people
Cybersecurity is often thought of as a job for the IT team. As the technology vanguard of any education provider, the IT team has traditionally been expected to be one step ahead of the threats faced and active in deploying the necessary systems and defences to guard against data breaches. Cybersecurity was a technology problem not a people problem, and IT could handle it.
Except this is an outdated view of cybersecurity. Today’s best practice cybersecurity approaches involve the entire business being involved in the awareness and preparedness effort. As anyone within the organisation or any device can potentially be a target, it takes a collective culture of awareness, education and a proactive stance to meet the breadth of the threats faced.
3 Secure your systems
The software and systems used by education providers play a role in safeguarding information security. From password management and protection to data storage in highly secure locations like the cloud (which often has a higher level of security than physical servers) the systems being used are on the frontline when it comes to the threats from external and internal actors.
Providers should look to technology that is up to date with the latest threats and trends. For example, JobReady is independently certified to the ISO 27001 information security management standard. Providers should also realise cybersecurity can’t just be outsourced to a third party provider; it is a shared responsibility undertaken by the educator and technology provider.
4 Prepare to evolve
Data security is not a set and forget activity. Covid-19 is a good example of how a threat landscape can evolve very quickly as education providers change the way they operate to include new technologies and practices and external actors change tactics. There is no time where providers can really relax their guard; they are always holding the valuable data they want to protect.
Education providers need to ensure all their systems and practices are evolving constantly to keep up with this changing landscape. From ensuring all software is updated to the latest versions, to using technology that supports security, the main thing is educators are aware of what best practice cybersecurity looks like in the now and have the people and processes to make that happen.