The coronavirus pandemic has proved a trial-by-fire for remote learning systems worldwide. While teachers, administrators, students and parents all struggled to keep schooling effective with new tools, remote learning also opened the door for data breaches that many public and private educational institutions were poorly prepared to prevent.
The impact of data breaches in education in 2020
Both K-12 and higher education have seen numerous cyberattacks, with 408 publicly disclosed incidents in K-12 public US schools last year alone, according to “The State of K-12 Cybersecurity: 2020 Year in Review,” a report from the K-12 Cybersecurity Leadership Symposium.
That represents an 18% year-over-year increase, with common cyberattack types including both student and staff data breaches and leaks, phishing attacks, DDoS attacks, and ransomware. These attacks can expose sensitive information, disrupt learning, and cost taxpayer money both through resolving attacks and the resulting downtime.
Unique problems in cybersecurity for education
Both private and public educational institutions deal with several issues that make maintaining a secure infrastructure difficult.
One of these is the broad scope of potential bad actors. Security threats can include small scale phishing attacks attempting to learn a single user’s personally identifiable information for identity theft, highly sophisticated attacks from nation-states or other parties looking to acquire research and intellectual property, as well as students themselves attempting to modify their own records.
Another problem is the need for accessibility and the diversity of how students may access digital tools. Without the budgetary allowance of providing laptops or tablets to all students, schools must deal with students accessing their email, lectures, and other sensitive information on a variety of devices and web browsers, some of which may be quite outdated.
This is exacerbated by the overarching problem of tight budgets, which already strain many K-12 schools regarding academic needs. With such limited funding, investing in cybersecurity can be a difficult sell.
How educational institutions can capitalize on the latest in cybersecurity
The most cutting-edge developments in cybersecurity can provide both cost- and time-effective solutions to educational institutions concerned about both.
Simple solutions with high ROI such as security awareness training, which helps inform each user in your system about good cybersecurity habits, have been made much more effective with more research about how to best communicate and engage people with limited understanding of and patience for IT. Having an efficient and informative way of training new users in basic cybersecurity is essential for organizations with a constantly changing population, such as a student body who cyclically graduates and has new incoming students.
More high-tech solutions such as true cloud architecture can help reduce operating expenses as well as make it easier for a limited IT team to manage security threats for a large userbase. It will also help continuously upgrading systems and processes as better ones are developed, without requiring an overhaul of physical infrastructure. This also helps avoid a big upfront investment in cybersecurity, which may make the process easier to swallow from a budgetary perspective.
By taking advantage of these developments in cybersecurity, educational institutions can protect themselves in a changing environment with effective solutions that are affordable and easy for people at all levels of technical knowledge to understand and apply.