School teacher teaching students showing the cyber security problem in the education environment
Getting Educated on Cyber Security in an Education Environment by Anna Ferry, Senior Writer and Editor at Mission Multiplier

Getting Educated on Cyber Security in an Education Environment

Cybersecurity is one of the fastest growing industries in the world. We already know that businesses, organizations, and government entities must follow guidelines in order to protect sensitive information, but the education sector is one of the most important assets to protect, yet it is an extremely underserved market. Year after year, universities and school systems are plastered all over the media because of a multi-million-dollar lawsuit that they are facing due to a breach in security. It is past time to draw attention to an ongoing and very serious problem facing the US education system: our schools are ill-equipped to face the mounting threats posed by hackers.

Many people think that cybersecurity measures should only be in place to protect top-secret military plans or businesses’ insider information, but the truth is, that any information that you wouldn’t want to tell a complete stranger is in need of protection. Schools have records containing faculty and students’ addresses, phone numbers, social security numbers, and even financial information, in the case of universities. In 2016 alone there were two major cyber security breaches that involved university servers being hacked, resulting in an information leak. At the University of Central Florida, an estimated 63,000 faculty and students had their personal information such as addresses, phone numbers, and emails compromised. The same year there was also an attack on the University of California at Berkley that resulted in a leak of approximately 80,000 peoples’ information, including financial and billing information stored by the financial aid office. The education sector is not only responsible for faculty and student information, though, it is their responsibility to uphold academic integrity as well. This means that it is their job to make sure that ACT/SAT test information cannot be leaked and that hackers cannot alter grades or other information in their student files.

Most schools’ IT directors probably do all that they can in order to prevent these types of leaks, but it isn’t the sole responsibility of the IT department to keep information safe. If there is a breach, individual schools, superintendents, and even principals are liable and can often be faced with lawsuits. It is important to identify what causes a network to be vulnerable and susceptible to breaches. The main reasons that breaches can occur are insufficient firewalls, unlimited student access, few cyber security measures in place by the school, and a lack of monitoring. Most schools only operate with the most basic security settings or use the preconfigured firewalls; this can prove to be detrimental. These ill-equipped firewalls allow students to reach pages that they shouldn’t be viewing on school servers such as pornography websites, gaming sites that are known to cause viruses, and even pages where they could potentially illicit illegal activity such as craigslist. There is virtually no need for students to be able to reach any of these sites in an education environment and on a school network, and these types of sites are what allows a network to be weakened and eventually breached. Finally, the biggest issue is that there is a lack of monitoring. Most schools, especially high schools, just configure their firewalls and block a few basic sites and think that those are sufficient measures taken to protect their information. This false sense of security is the underlying cause of most breaches. Even if a network seems to be protected, there is a constant need for monitoring! For every site that is blocked, three more will pop-up in its place unless the proper steps are taken to protect the network.

Although the challenges faced by the education sector (and every other sector) seem to be insurmountable, there are ways to effectively and inexpensively protect a network. The first action that needs to be taken is configuring a firewall that fits the needs of the school system. This configuration can be done in house, or the IT director may work with a cyber security company to set up a secure network. The next step would be to educate students and teachers about cyber security in a more meaningful way. Most schools have a generic warning that says “don’t go to sites that may give the school viruses” and that’s it.  Putting the impact that breaches in information can have on a school system into figures that teachers and students can understand is crucial. It would be more meaningful to say “these are the guidelines we have set for safe internet use, and it is imperative that you and your students follow them because the school or principal could be at fault for your actions and it could cost the school millions if dollars if we face a lawsuit”. The last step and perhaps the most important action to be taken in protecting a network is to monitor what users are doing and what sites they are allowed to reach. Using cyber solutions and tools to monitor networks is the most cost effective and fool proof way to maintain a secure network and protect information. There are multiple solutions on the market that allow for advanced web filtering, firewall security, gateway security, dashboard monitoring, insider threat protection, and more for a reasonable upfront cost.

Although the #cybersecurity challenges faced by the education sector seem to be insurmountable, there are ways to effectively and inexpensively protect a network.Click to Tweet

There is no greater asset than information, and without proper security measures, schools and all other entities are at risk of having their greatest asset stolen or compromised. Not only is information at risk, but millions of dollars could potentially be on the line as well when it comes to breaches in security resulting in lawsuits. Without taking preventative measures, your information is at risk; it’s time to decide how much your security is worth to you.