The Cyber Security Lifecycle
Know that there isn't a quick fix when it comes to cyber safety; instead, think of it as a continuous journey of auditing and refinement as demonstrated by this Cyber Security Lifecycle diagram:
In today's digital age, schools face new and evolving threats to their security. In July 2022 there was an average of 3,934 weekly cyber-attacks per organisation in the Australian education sector. It is critical for school leaders to stay informed to keep their school safe. Staying informed includes understanding what security threats the education industry faces and knowing the key trends and innovative solutions shaping its future.
Having this information gives school leaders the ability to act on some, if not all the recommendations provided below, ensuring as best they can that their school is protected.
Although there have been huge benefits to the increased use of technology in schools, it has also created one of the biggest security challenges facing the education industry today. With more students and teachers relying on digital devices and online platforms to learn, collaborate, and communicate, schools are becoming more vulnerable to cyber-attacks and data breaches. Hackers are targeting schools to steal sensitive information, disrupt operations, or spread malware. Some of the most common types of cyber-attacks include phishing scams, ransomware attacks, and denial-of-service attacks.
The increased use of technology has caused not only schools but most industries and organisations to have an over reliance on third parties and hence introducing cyber security risks. These risks include:
- Remote Learning Platforms: As more schools adopt remote learning in response to the COVID-19 pandemic, they are increasingly relying on third-party platforms to deliver online education. This can introduce new risks such as data breaches, lack of visibility into the security practices of the remote learning platform provider, and lack of control over the security of the devices used to access the platform.
- Cloud-based services: Australian schools are using cloud-based services to store and manage sensitive student and staff data. This can introduce new risks such as data breaches, misconfigured cloud infrastructure, and lack of visibility into the security practices of the cloud service provider.
- Mobile devices: Mobiles are becoming increasingly accepted within the classroom, which can create risk through unsecured devices and lack of mobile device management.
- Supply chain risks: The interconnectedness of school's supply chains makes it harder for them to keep track of the security practices of their suppliers. This can lead to an increased risk of data breaches and other cyber incidents caused by vulnerabilities in the supply chain.
- Cyber insurance: More schools are purchasing cyber insurance to cover the costs of data breaches and other cyber incidents. However, there is a risk that schools will become complacent about cybersecurity if they believe their insurance will cover the costs of a breach.
Another significant concern for schools is the rise of online harassment and bullying. With more students using social media and other online platforms, it's becoming increasingly easy for bullies to target their victims outside of school hours and beyond the reach of school authorities. This can lead to significant harm to students and can also damage the reputation of the school.