How to safely manage hybrid learning in the education sector
We are used to hearing plenty of stories about businesses moving to a hybrid way of working as a result of the COVID-19 pandemic. Many of which are now dealing with a range of new challenges that these changes have created.
It is not just the corporate world that has been forced to adapt its ways of working over the last 18 months or so. Educational institutions have also had to find new ways to deliver the services, that in many cases students have paid fees to receive. Anyone who has children of school age will also know all about the many potential challenges of adapting to the new reality of hybrid education provision.
From primary schools to the world’s most prestigious universities, education providers are embracing remote learning in its various forms. In many cases they are delivering their teaching and student support via cloud-based platforms such as Microsoft 365 or Google Classrooms.
These new platforms offer great opportunities both for learners and educators, but they also open these institutions, and the users who interact with their networks and services to a serious and growing threat.
Why is the education sector particularly vulnerable to cyber attacks?
Over the last few months we have seen a significant leap in the number of cyber attacks on education providers of all sizes. According to FE News, there has been a 600% rise in education-related cyber crime. In addition, a 2020 study of 134 UK universities reported that of the 105 universities that responded, 35 admitted to being attacked (33%), 25 said they hadn’t been (24%) and 43 refused to answer (45%). Whether education organisations choose to publicise it or not, cyber attacks are a growing issue, at all levels of education.
But why are cyber criminals targeting these types of institutions in particular? What is it about them that makes them so attractive to criminals?
There are two key factors.
The first is the sheer quantity and value of the data that many education providers possess. This includes everything from contact information for pupils, students, staff and carers, through to detailed health information, employee references, safeguarding information, exam results and even passport details. As a result, the vast amount of personal data that these organisations hold on their students and staff is clearly very attractive to potential attackers.
The second factor is simply the scale of the networks that education organisations run and the way that they are currently accessed, often remotely and via a range of student and teacher devices.
The Government’s National Cyber Security Centre has issued fresh alerts in recent months, in response to renewed and increasing numbers of ransomware attacks against schools, colleges and universities in the UK.
In addition to these alerts, they’re also advising organisations to follow the guidance they have laid out around mitigating malware and ransomware attacks. We suggest that you take a look at this here.
So why is the situation getting worse now? The size of the potential prize for cyber criminals has remained the same, but the opportunities they now have for getting their hands on that data have multiplied. Much of this is down to the way that the pandemic has forced many institutions to move towards more hybrid ways of working.
Before the COVID-19 pandemic, students would usually have been on site when they accessed their education provider’s network, so most institutions would have had the added protection of a firewall and filters to block certain dangerous sites and other threats.
A changing threat landscape
Now, many students are accessing their education provider’s networks remotely, via the cloud. As a result, it has become considerably harder for in-house IT teams to keep an eye on who is accessing what and when – and how to mitigate any subsequent threat to their own network.
In addition, there has been a move in recent years towards encouraging staff and students to ‘Bring Your Own Device’ in order to access these networks, which brings its own risks. As a result, increasing numbers are doing this – and often via their own less-than-secure home WiFi networks. Finally, education providers are often increasingly being urged to use software from many of tech’s biggest companies to deliver their services.
It all adds up a perfect storm of opportunities for potential cyber attackers.
How can educators protect themselves against cyber attacks?
If you are responsible for cyber security within your education establishment, we would first urge you to carefully follow any updates to the guidance regularly published by the National Cyber Security Centre. The best way to do this is to make sure that your organisation is signed up to the Government’s Early Warning system. You can do that here and we would suggest that it is a great place to start.
While you are there, we would also suggest taking a look at their guidance for learners and organisations around making sure that their home learning set ups are secure.
Beyond that, there are also other ways that you can increase your chances of protecting yourself in the first place, or mitigating any potential damage if you are attacked.
For example, if your organisation is using online, cloud-based platforms such as Microsoft 365 to deliver your services, it is important to have a robust back up or disaster recovery solution in place.
Firstly, we want to clear up a common misunderstanding. Many organisations who run Microsoft 365 believe that Microsoft are responsible for the security of your data long term. They aren’t.
Microsoft’s default settings only protect data for up to 90 days at most, and some services even delete data after 14 days. That is clearly insufficient, and can leave your staff, your learners and the organisation badly exposed if there is a security breach.
Our CloudCover 365 solution utilises object based storage and protects data through immutability. The system ensures that if you suffer a ransomware or similar attack, you will be able to recover your data quickly and efficiently. The CloudCover 365 solution allows your teams to retrieve any specific deleted data on Microsoft 365 mailboxes, emails, files or sites. It means that in the event of an attack you will be able to get back up and running again quickly.
Need some help?
Education providers are under increasing pressure to keep their data safe from rising numbers of cyber attacks. We are here to help if you would like to talk to a member of our experienced team about the back up and disaster recovery solutions we offer to education providers.
Call us today on +44 (0)3453 888 327 to discuss your specific needs, or email enquiries@virtualDCS.co.uk.