Here is a checklist to show their IT teams just to make sure school is not unduly disrupted next year.
A recent survey of 500 students and 75 IT decision-makers at educational institutions in the United States shed light on the state of cybersecurity in education during the COVID-19 pandemic.
The report contains startling findings including a stark lack of training for the new learning environments (for example, blended learning and home-based learning) and a large discrepancy between student and IT decision-maker experiences with cyberevents such as cyberattacks. A remarkably low number of IT decision-makers had said their schools suffered a cyberattack—just 2.7%t—while 46.2% of students reported their schools had suffered one.
This statistic of students experiencing a cyberattack is even more important as they look to enrol in universities or private schools because 61% of students reported that a cyberattack resulted in a significant or strong impact on their trust in their school.
Cybersecurity as a school’s hallmark
The report uncovered the perception that a school’s ability to weather a cybersecurity event equated to continuity in learning and other school activities.
Said Marcin Kleczynski, CEO, Malwarebytes, which commissioned the survey: “Students during the pandemic are struggling with digital access, engagement and a severe sense of isolation. Cybersecurity should be the least of their concerns, and yet, it’s concerning to find that nearly half of educational institutions show a lack of preparedness. It is essential that schools stop viewing cybersecurity as an afterthought: protecting students and their data online should be a top priority for educators.”
Here is a quick checklist for school IT teams to assess their cybersecurity readiness.
- Are staff and students cyber-trained properly? A disappointing 50.7% of IT decision-makers said that no one (not students, staff or faculty) was required to enrol in cybersecurity training before the new school year began. This is asking for trouble.
- Is the school network protected, and are users’ machines vetted? Some 46.7% of IT decision-makers said their schools developed “no additional requirements” for the students, faculty, or staff who connected to the school’s network: no cybersecurity training AND no antivirus tool installations.
- Are educational and videoconferencing tools regularly patched? Nearly 71% of schools have deployed new software needed for distance learning, such as Zoom, Remind, and Google Classroom, and many have already suffered incidents that required frequent patching.
- Do staff and students have the necessary secure devices for remote learning? In preparing for the new school year, 30.7% of schools surveyed admitted to not being able to provide for all teachers, administrators, and staff members to work remotely, while 45.3% of schools could not provide all the devices needed for every student to attain an equal quality of education.
With distance learning in full swing, concerns remain with device shortages:- 28% of respondents in school IT teams said their schools were missing laptops, computers or tablets for teachers
- 40% were missing those tools for parents and students
- 38.7% were worried that teachers or students were using up the data on school-provided WiFi hotspots too quickly
- 28% of respondents in school IT teams said their schools were missing laptops, computers or tablets for teachers
- Are the IT team overloaded? Should any shortfalls in the above checklist surface, educational institutions can consider turning to AI-enhanced cybersecurity to reduce manpower resources needed to monitor the network.
- Did your school know that educational institutions are a major target next year? Surges inbusiness email compromises, phishing and other attacks are expected, exactly because hackers know how vulnerable educational institutions can be.
- Are there multiple backups of data pools to avert ransomware threats? See what measures need to be introduced for resilience to ransom and extortion tactics.
Should there be any doubts as to the gravity of the weak cybersecurity situation in schools and academia, IT teams should make sure to follow the checklist links above to escalate to the management for immediate consideration.
Note: In addition to the abovementioned survey, a parallel survey targeted 500 students enrolled in K–12; students working on obtaining a bachelor’s degree, associate’s degree, or attending trade school; and students enrolled in any post-graduate program in the United States.