14 February 2023

The Cyber Security Lifecycle

Know that there isn't a quick fix when it comes to cyber safety; instead, think of it as a continuous journey of auditing and refinement as demonstrated by this Cyber Security Lifecycle diagram:

(Crowe, 2022)

In today's digital age, schools face new and evolving threats to their security. In July 2022 there was an average of 3,934 weekly cyber-attacks per organisation in the Australian education sector. It is critical for school leaders to stay informed to keep their school safe. Staying informed includes understanding what security threats the education industry faces and knowing the key trends and innovative solutions shaping its future.

Having this information gives school leaders the ability to act on some, if not all the recommendations provided below, ensuring as best they can that their school is protected.

Where do the major security threats in the education industry come from?

Although there have been huge benefits to the increased use of technology in schools, it has also created one of the biggest security challenges facing the education industry today. With more students and teachers relying on digital devices and online platforms to learn, collaborate, and communicate, schools are becoming more vulnerable to cyber-attacks and data breaches. Hackers are targeting schools to steal sensitive information, disrupt operations, or spread malware. Some of the most common types of cyber-attacks include phishing scams, ransomware attacks, and denial-of-service attacks.

The increased use of technology has caused not only schools but most industries and organisations to have an over reliance on third parties and hence introducing cyber security risks. These risks include:

• Remote Learning Platforms: As more schools adopt remote learning in response to the COVID-19 pandemic, they are increasingly relying on third-party platforms to deliver online education. This can introduce new risks such as data breaches, lack of visibility into the security practices of the remote learning platform provider, and lack of control over the security of the devices used to access the platform.

• Cloud-based services: Australian schools are using cloud-based services to store and manage sensitive student and staff data. This can introduce new risks such as data breaches, misconfigured cloud infrastructure, and lack of visibility into the security practices of the cloud service provider.

• Mobile devices: Mobiles are becoming increasingly accepted within the classroom, which can create risk through unsecured devices and lack of mobile device management.

• Supply chain risks: The interconnectedness of school's supply chains makes it harder for them to keep track of the security practices of their suppliers. This can lead to an increased risk of data breaches and other cyber incidents caused by vulnerabilities in the supply chain.

• Cyber insurance: More schools are purchasing cyber insurance to cover the costs of data breaches and other cyber incidents. However, there is a risk that schools will become complacent about cybersecurity if they believe their insurance will cover the costs of a breach.

Another significant concern for schools is the rise of online harassment and bullying. With more students using social media and other online platforms, it's becoming increasingly easy for bullies to target their victims outside of school hours and beyond the reach of school authorities. This can lead to significant harm to students and can also damage the reputation of the school.

Innovation in cyber security for the education industry

One of the key trends that is shaping the future of school security is the increasing use of artificial intelligence (AI) and machine learning. These technologies are being used to help schools detect and respond to security threats more quickly and effectively. For example, AI-powered systems can analyse large amounts of data to identify patterns and anomalies that might indicate a security breach, while machine learning algorithms can be used to automatically block malicious traffic or identify suspicious activity.

Another important trend is the growing use of biometrics, such as facial recognition and fingerprint scanning, to secure school buildings and digital devices. This technology can help schools to identify authorized personnel and keep unauthorized individuals out quickly and accurately.

What can you do as a school leader?

Stay informed.

Keep up to date with the latest trends and best practices in school security. Attend conferences, read industry publications, and join online communities to stay informed about the latest developments.

It is important for Australian schools to stay informed about these trends and to take steps to mitigate the risks associated with third-party providers. This includes conducting regular security assessments of third-party providers, requiring them to adhere to the school's security policies and standards, and regularly monitoring their compliance.

Develop a comprehensive security plan

Create a security plan that covers all aspects of school security, including cyber security, physical security, and emergency management. Make sure that all staff members are familiar with the plan and know what to do in case of an emergency.

Train staff and students

Training staff members and students on the threats that exist when using digital tools and platforms, best practises to stay safe online, and how to recognise and report cyber security threats.

Consider the Essential Eight

The Essential Eight are a set of eight cybersecurity strategies that organisations can implement to protect against cyber-attacks. The strategies include implementing application whitelisting, patching applications, patching operating systems and using multi-factor authentication.

Invest in security technology

Investing in security technology will help you detect and respond to security threats more quickly and effectively. Consider using AI and machine learning, biometrics, and other cutting-edge technologies to keep your school safe.

Work with experts

Working with security experts can help you assess your specific security needs and develop a plan that will work for the areas your school is facing

By identifying areas of vulnerability, Findex can provide you with the information necessary for you to take the steps and strengthen your defence against cyber-attacks. Our team of experts can discuss with your IT team on current cyber security plans.

Don't wait, contact us today to schedule a free consultation, and take the first step in securing your school's future.

See our disclosure information on our website here.

February 2023.