• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Democratizing technology essential for cybersecurity.

Red Sift Blog
  • redsift.com
  • Featured
  • About
  • Get in touch
You are here: Home / Cybersecurity / C+ ‘Must try harder’: Cybersecurity in Education:

C+ ‘Must try harder’: Cybersecurity in Education:

by clare
September 28, 2018December 6, 2018Filed under:
  • Cybersecurity
  • DMARC
Photo by Thomas Kolnowski on Unsplash

September: it’s a heady mix of the crisp autumn air and back to school stationery. For many IT and security teams in the education sector, it’s the beginning of a nine-month-long cyber nightmare where staff and students lay waste to a summer of careful cybersecurity planning.

By freshers’ week, The University of Edinburgh, among others, had already been hit by a major cyber attack, and the consensus is that it’s students who will play havoc with the defences of education networks across the country. So, what’s an IT manager at a prestigious university, to a local village school to do until mid-July when the vulnerabilities leave for the summer holiday?

A target-rich classroom

Despite attempts to improve general understanding of online and IT threats, with schools, colleges and universities all issuing ICT policies to minimise user errors, experts suggest that these institutions are more at risk of attack than ever before. At the beginning of the autumn term, the threat level intensifies with new parents, teaching staff and students all accessing previously unknown digital materials, and the chances to exploit mistakes, become more readily available. And of course, let’s not forget about the case of one student earlier this month who managed to cause a denial of service attack on the entire university network by trying to take a fellow gamer out of action.

But of course, it’s not just about the users – public sector IT teams remain stretched with limited budgets and resources, trying to manage expanding lists of security measures and protocols, now with the added task of educating their entire user base about basic IT security. The holy trinity of of IT security from just little over a decade ago – anti-malware, anti-spam and patch management – no longer cuts the mustard. Today, it’s also about managing risk, detecting vulnerabilities, penetration testing, and the straw on the camel’s back?…GDPR.

Over the past five months – yes it really has been that long since GDPR-day – all organisations will have been tirelessly looking to tighten their security belts and ensure that they have taken appropriate measures to avoid an attack for which they could be blamed and, more importantly, fined. Sophisticated malware detection and email gateway protection are a given, but there are also more simple ways to stop some of the most fervent types of attacks which many IT teams are unaware of, or neglect.  

A recent survey by digital infrastructure and services provider for the education sector, Jisc, highlighted how the top cybersecurity risk for universities and colleges was accidental breaches. These breaches come in the form of social engineering and phishing attacks – a type of attack that relies on a lack of awareness and human error. It’s no longer about a user relying on a clever algorithm to detect a threat, it’s time for the user to switch on their threat radar. So, how can a small team, or single IT manager solve this risk?

A for effort

Basic security awareness training is needed from day one – users need to know how not to fall foul of an opportunistic hacker or scammer. One of the most common ways to infiltrate a system is to fool staff and students – it’s as simple as sending emails purporting to come from the admin or finance team looking to get payment for school lunches or more seriously, rent for accommodation or a demand for payment of fees. Recognising rogue senders is one thing, but how can users be blamed for handing over payment details to a legitimate looking sender?

And this is where there has to be an interplay between technology solutions and user insight – a spoofed email is almost impossible to detect by a user, and institutions need to have adequate defences in place to block illegitimate mail so the user never stumbles over it.

The education sector is such a melting pot of different types of users with varying values (freedom of information, expression, exchanges of ideas etc) compared to organisations that employ adults with a single view of achieving business goals. But the goal of all IT teams is the same – to keep the network and all users secure.

Tell, teach, involve

You know the saying, ‘Tell me and I forget. Teach me and I remember. Involve me and I learn’ – it’s corny but true. A surefire way to capture and maintain interest in IT security is to get staff and students involved – working in this industry, we take levels of understanding on cyber threats for granted and will no doubt pass on this security savvy consciousness to our children. But imagine for a moment, you don’t work in tech, have only heard about ‘phishing’ and ‘malware’ on a headline report on the BBC News, and can only do the basics on your Windows 7, outdated PC.

Now imagine, if you spend 30 minutes every term explaining the simplicity of a phishing attack and how users can spot a rogue sender. Furthermore, employ DMARC, and users can rest assured that a spoofed email address, with a view to steal data or money, won’t even hit their inbox. Equation solved.

Want to be a real star pupil? Get in touch today to learn more about how to protect your organisation from phishing attacks. We love a teacher’s pet!

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cybersecurity
  • Education

Post navigation

Previous Post eBPF, ingrained in Rust
Next Post Unexpected item in bagging area: Phishing in the retail sector

Primary Sidebar

Recent Posts

  • 2021 The Threat Landscape: Brand protection and BEC attacks lead the charge
  • OnDMARC Wins “Best-Of DMARC” Award On Review Platform Expert Insights
  • The case for embracing DORA
  • Red Sift – Closing the Net on the Phishing Problem
  • Beware of this common NHS Covid-19 Vaccine email scam

Archives

  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • November 2016
  • October 2016
  • February 2016

Categories

  • AI
  • BEC
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Uncategorized
  • Work @ Red Sift

Copyright © 2021 · Milan Pro on Genesis Framework · WordPress · Log in