According to a research by Microsoft Security Intelligence, 44% of overall cyber attacks in 2021 were in the education industry. This is alarming given the fact that cyber attacks are typically associated with banking and government organizations.
Starting from 5 years old pre-primary kids to 20 years old college students – the entire education sector has come down to virtual mode due to the global pandemic. To learn alphabets, solve mathematical problems, know historical facts, teach chemical formulas – both students and teachers are counting on smartphones, tablets, laptops and desktops to ensure continuity of education. Not just in virtual classes, but also for the administrative procedures in schools, colleges and universities like new admissions, preparing academic calendars, examinations or even report cards have gone digital for convenience and safety. However, questions have been raised by parents, teachers and cyber experts – are we digitally safe in the education industry?
IT Security Scenarios in Education
Cyber criminals have targeted institutes to breach confidential personal data. The most vulnerable targets among them are :-
- Names, addresses, contact details of students and their parents
- Social security numbers of students, their parents and local guardians
- Transaction history and payment mode of parents who paid admission fees and tuition fees online
- Digital annual report cards, promotion certificates, school-leaving certificates, character certificates and more
- Institute database consisting of students’ records, teachers’ records, details of non-teaching staffs and even investor/ investment history
Since everything has been digitally transformed and most of the communication between students, parents and school authorities are done through emails, virtual meeting applications and other online modes. Thus the IT security risks escalate.
Where are the IT Risks?
The roots of cyber risks in educational institutions lies in both IT and non-IT circumstances. These risk factors in this industry are less discussed but highly affected. Let us delve a bit deeper.
|Inadequate IT Security Policy: Due to sudden increase in usage of smartphones, tablets, laptops, many students (even teachers) do not have sound knowledge on how to store and secure personal information, day-to-day data of lessons, assignments and subject syllabus. Without a well-defined IT security policy, neither students, nor the teachers are able to ensure data privacy and data security.
|Lack of Awareness: This is a very common drawback of the education industry in the recent past. After the pandemic hit the globe, the digital teaching & learning mode turned into the only medium to ensure education. However, there remains a lack of data security and cyber security awareness among teachers, students and parents. This definitely increases risks.
|No IT Security Department: Large schools with best infrastructure and ultra modern facilities very often lack a well-defined IT security team that is the basic foundation to ensure cyber security in the school infrastructure. When there is no one accountable for a task, then the IT risks escalate uncontrollably.
|Poor Knowledge: Except students and teachers of Information Technology stream, it has been observed that there is poor knowledge about data security. In fact, as we discussed above, the importance of this knowledge is yet to be prioritized among the mass.
|Lack of Robust Password Management: Strong Credentials are the basic resistance to critical information from unauthorized users. While teaching staff are following Bring Your Own Device (BYOD) practice for conducting classes, every database requires a robust password to ensure data security. If not followed, then different individuals accessing desktops or laptops from the school premises might face security threats from unauthorized users.
|Inadequate Funding: Necessary and timely budget allocation for IT Security measures creates a big difference whether the institute is serious enough to follow the IT security norms.
|Cyber Espionage: This could be a serious reason for educational institutes where private information is eavesdropped and misused without the knowledge of the victim. Proper segregation of data with a strong password policy can prevent cyber espionage.
|No Training Process: If there are no adequate resources to manage cyber security, the educational establishments lack adequate training that could build the IT security awareness among the users.
|Unsafe Wi-fi/ Network: This is another challenge faced by the teaching staff while accessing critical information during emergencies or even for regular activities. Unprotected network always bears a grave chance of IT security threats while accessing critical information.
Cyber Criminals have started to misuse pandemic as a weapon to target the education sector. The sudden shift from on-prem classes to remote learning has deteriorated the situation. With the students increasingly using their personal computers, laptops, smartphones and unsecured networks to join online classes, the threat vector of the education sector is proliferating. It’s high time for the education leaders to prioritize cybersecurity immediately and steer their organizations towards digital safety.