Keeping our schools cybersafe throughout lockdown
The past year has challenged the UK's education sector in ways that would previously have been inconceivable, with children learning from home the majority of the time since March.
The number of cyberattacks against schools has continued to rise, year by year, increasing exponentially in 2020, where a recent survey revealed that 83% of 430 schools across the UK had experienced at least one cybersecurity incident, even though 98% of schools use antivirus software and 99% had some sort of firewall protection. These attacks can be broken down as follows:
- 31% data breaches
- 23% malware
- 13% phishing
- 10% network/school infrastructure hacks
- 4% denial-of-service
At the same time, we are witnessing a range of new cyberthreats emerging, which must be carefully considered as part of any effective IT security programme. For example, 'Zoom bombing' (i.e. an uninvited user accessing a video call) is not only a threat to pupils' privacy and a distraction from their lessons, but also runs the risk of them being exposed to inappropriate material. At the same time, the familiar threat of phishing has taken on a new form, with cybercriminals acquiring users details by masquerading as the various popular video apps used for remote learning.
With parents and teachers already facing a range of challenges as children begin learning from home again, it's important that we do not lose sight of the lessons learned during the first lockdown. There is already work taking place in this regard, with the Department of Education having recently published a guide to cybersecurity best practice for remote learning, and the DFE and NCSC writing directly to schools with a plan for how to avoid cyberattacks and mitigate the effects when they do occur. This, however, is just the first step, as the DFE has mandated that schools have a formal plan for secure remote learning in place by September 2021.
It's clear then that schools - and institutes of higher education - cannot afford to be complacent when it comes to pupils' safety and wellbeing online. A robust cyber security strategy that not only considers familiar threats, but also the new ones that continue to reveal themselves, is therefore essential, but this then raises the question of how to best implement this. Schools will not typically have the in-house resources to do this, typically maintaining small IT teams that do not include a dedicated cyber security specialist. With schools' own IT teams already stretched by the need to prepare and ship the necessary hardware to pupils, ensuring it is equipped with the appropriate apps and ready for immediate use, it is clear that internal capabilities must be complemented by those of the technology partners who have already been helping the education sector transform its foundational IT infrastructure in response to COVID-19.
Entering 2021 and the next stage of remote learning
There are multiple elements to this, particularly considering the education sector's stringent compliance requirements and the level of digital transformation that has already been required to enable schools to successfully transition to remote learning. However, the successes we have already seen in this regard bode well for the future, with numerous IT teams within the education sector and their technology partners having established strong rapports that promise numerous innovations in the year ahead. With technology partners providing hands-on security monitoring, cutting-edge threat intelligence, and secure, compliant hosting of sensitive data, internal IT teams will be in an ideal position to move remote learning from a matter of necessity during lockdown to a powerful foundation for new channels of education.