How can schools and universities ensure their students’ data is safe online?

Justin Ellis, Senior Data Centre Specialist at Comms Express advises how schools and universities can ensure that their students’ data is safe online by following these measures

Almost all businesses today are responsible for keeping some sort of data secure and that is equally true for the education sector. Technology and education are increasingly entwined, from universities deploying the latest gadgets for teaching and research, to primary schools with interactive whiteboards in the classroom. But increased tech interaction goes hand-in-hand with a greater risk of cyber-attack and educational establishments need to be aware of the challenges facing them and must take steps to protect themselves.

Cyber threats to be aware of

Criminals target educational organisations for a number of reasons. A major one is personal information: An establishment will hold hundreds or thousands of student records, including names, ages, physical addresses and email addresses. This information can be sold illegally, used for identity fraud, or held to ransom. Private schools and universities will probably also hold bank details for payment of fees, which could lead to financial fraud. Another target is university research programs: scientific innovations or cutting-edge research into subjects such as energy and medicine have great potential interest for hackers in other countries.

The most popular types of cyber attacks are malware and phishing. It only takes one person in an establishment clicking a link on an infected website or in a spam email message and a hacker has a way into the network. It doesn’t help that email addresses for both staff and students are often very simple to guess and in many cases, email information appears on the establishment’s website.

Sometimes, sensitive information can be leaked deliberately, perhaps by an employee with a grudge. Safeguarding against such an eventuality is a vital part of network security

How to keep data safe

Data security requires a set of standards, backed by technology, that keep data from accidental or intentional sharing, modification or deletion. The introduction of General Data Protection Regulation (GDPR) has made it particularly important to have a robust data security policy in place to guard against malicious or unauthorised access, as non-compliance can lead to fines and reputational damage. There are a number of security tools in widespread use commercially that can easily be brought into the education sector.

1. Two-factor authentication

Two-factor authentication, or 2FA, is a process by which a user is granted access after successfully providing two forms of authentication: something they have and something they know. The best-known use of 2FA is at cash machines, where the user has a bank card and knows their PIN. By introducing 2FA for data-sensitive systems, the chances of a rogue user gaining access are greatly reduced.

2. Firewalls

Internet access has been an essential component of learning for years now and the number of devices accessing an establishment’s network is increasing all the time. A firewall is one of the most vital security tools to implement: by filtering unsuitable content and protecting against malware, both on-site computers and personal devices belonging to students or staff can be connected without any concerns. There are plenty of options available, from routers with inbuilt firewall capabilities that will cover a small to medium school, to full firewall solutions that can be managed centrally and scaled up as required across multiple campus locations.

3. Internet usage policies and restrictions

Only certain people in an organisation need to have access to personal or financial data. An essential part of network security in this day and age is monitoring who has that access and how they use it. Technology is available to restrict confidential data to certain user accounts, track user actions online and flag unexpected access or attempted data transfer (for example, to an email message or a USB stick). Implementing such a solution protects against both naïve and malicious sharing of sensitive information and stops data breaches before they can do any damage.

It’s also a good idea to have a published internet usage policy for both staff and students so that everyone knows the guidelines for appropriate use of the establishment’s equipment, network and internet access.

4. Secure document sharing and submissions

All sorts of documents are submitted and stored online in the educational sector, from maths homework to research papers to funding applications. Having a secure method of document storage and backup is paramount to avoid data loss both maliciously and accidentally. Both in-house and cloud-based solutions are available, with the latter offering the advantages of simple access and file sharing from any location, automatic file backups and saving bandwidth on the establishment’s network.

5. Consistency

Some establishments, especially larger universities, have grown their IT infrastructure based on the needs of individual departments – which leads to multiple systems and a greater risk of unauthorised access. There is also a tendency to hold onto older, potentially less secure pieces of technology rather than dip into a limited budget to replace them. A centralised IT department can ensure consistency and security across all departments, as well as helping to reduce costs.

This also applies to any third-party providers, such as equipment suppliers and cloud-based services, which could be the source of a data leak. Any outsourcing needs to be managed carefully, with appropriate measures in place to guard against attacks.

In conclusion, it is entirely possible and strongly recommended that any educational establishment implements a robust network security strategy that protects the most sensitive data without hindering the work of teachers or students. However, in addition to investing wisely in security tools, in a time of stretched budgets it’s important to ensure that staff and students have a basic knowledge of cyber threats and how to avoid them. This may be as simple as impressing the need on them not to leave a laptop logged in and accessible and not to write down passwords.

In the world of education, one of the most effective protections is education itself.