With online classes becoming ever more popular, schools and pupils need to be warier in their defense against cyber attacks. According to the K-12 Cybersecurity Information Exchange, a nonprofit that tracks cyber incidents, the number of publicly disclosed computer attacks on schools in the US has increased since 2016 to a new high of 408 in 2020. In fact, this number is likely to be higher as many cases go unrecorded. It's a similar story around the world. There was a 29% increase in cyber attacks globally in the education sector in July 2021 compared to the first half of the year, with an average of 1,739 attacks per week.
One particular problem is ransomware, which encrypts often important data (such as the personal identities and financial data of students, parents and staff) until a ransom is paid, typically in untraceable Bitcoin. There may also be a threat of this data being leaked to the public, increasing the pressure on victims. An educational institution typically pays on average US$112,435 to get data back and enable their networks to resume operating.
In November 2020, Newcastle Grammar School in NSW was the victim of a ransomware attack that had devastating effects. All IT systems were crippled, and sensitive data of over 900 students and staff was compromised, even though the school had conducted a cyber assessment 3 months prior. A ransom of US$1 million in crypto currency was demanded by the attackers.
In some less serious cases, the implication of an attack is merely system downtime. In November 2019, the Waterloo Catholic District School Board was impacted by a malware attack. They were lucky not to lose any personal data, however the attack resulted in a loss of all network access, including emails. During the 5 day downtime period it took for the IT team to recover the network, the board had limited access to resources.
The impact of these attacks are not limited to cost and time investments. Very often the schools get negative press by becoming front page news for the wrong reasons, damaging the brand and reputation. As a result, resources need to be used to manage communications with the school community including students, parents, staff and the media. However, with data lost, contacting parents and staff becomes incredibly difficult. A lot of the time the data lost also includes exams, reports and teaching material, which staff have to rewrite. The result of these implications is a drop in student and staff morale, which is only amplified by the exhausting pandemic they have had to face.
The reason for this recent increase in attacks stems from a few factors: Cyber criminals are taking advantage of the COVID-forced short-notice switch to remote-learning that most schools implemented, by targeting the personal devices of students and teachers. Cyber criminals are also aware that the education sector is generally under-resourced from a security perspective, making them a popular target.
Education organizations need to take preventative measures against cyber attacks. Alongside providing staff, parents and students with basic cyber security training, it’s important to use tools and devices which are secure and robust against attacks.
Choosing a communication platform for the virtual classroom which offers protection features is a good starting point, and using the wrong one could lead to vulnerability. For example, many schools use Slack as their communication tool. While it does have features to enable effective communication in an education setting, it falls short when it comes to security. One of its security issues is that it doesn’t have end-to-end encryption. This is because, in a business environment, enterprise executives often want complete visibility into communications across different work channels on the app. Without end-to-end encryption, a data breach on Slack could have detrimental consequences for its users, which has happened before, and could happen again. If confidential student or teacher data is among the stolen information, the liability will fall on the education organization that owns the data.
Rolo is an ideal platform for the education sector to use as its communication tool. It is secured by Blackberry, and features end-to-end encryption of chats, voice messages, location sharing and cloud storage of messages and files. In addition to these, communication features such as group chats and video calls, ensure its a convenient yet secure place for the education sector to communicate.
Endpoint protection is another area in which organizations can improve their defenses against cyber attacks. Having a secure communication tool ensures data cannot be accessed from messages and calls, but having devices secured as a whole is equally as important for the education sector. Traditional antivirus or firewalls are often not enough to detect or block attacks, and some can be intrusive to the user and slow-down their device.
Schools need software that is easy to manage, has advanced technology to defend against attacks, and doesn't need to be connected to the internet in order to function. Fortunately, cyber security expert BlackBerry has redefined what an endpoint protection solution can and should do for organizations by using an automated, prevention-first approach, with Blackberry Protect. It is an accurate, efficient, and effective solution for preventing advanced persistent threats and malicious software from executing on an organization’s endpoints. BlackBerry Protect does this without user or admin intervention, a cloud connection, signatures, heuristics, or sandboxes, and is therefore ideal for those engaged in remote learning.
Customers who have made the switch from reactive legacy, signature-based antivirus products have seen up to a 99% ROI, a 97% reduction in the re-imaging of machines, extended hardware and battery performance, and a 90% reduction in hours required to manage the solution.
The BlackBerry Protect architecture is made up of a single, simple agent, that is managed via BlackBerry’s own SaaS-based cloud console. This easily integrates with existing software management systems and security tools. No other anti-malware product compares to the accuracy, ease of management, and effectiveness of BlackBerry Protect, key for securing students and staff devices.
With remote learning, growing rates and complexity of cyber attacks increasing, in addition to educating teachers and administrators on cyber security risks, school networks must invest in robust cyber security solutions. School cyber attacks go beyond financial impacts, with school brand reputation, and student and staff morale, time and workload being damaged also. Very often it's about making smart choices of technology and tools to build the defense, such as using Rolo Secure Chat and Blackberry Protect, both of which are inexpensive, yet advanced and robust solutions for the education sector.