Vinayak Sreedhar, Country Manager – Australia, ManageEngine, on the persistent cybersecurity challenges in hybrid education and how to navigate them.
What makes a professional or educational environment ‘safe’ in Australia has evolved significantly in recent years. Thankfully, organisations are increasingly concerned about safeguarding their digital infrastructure and sensitive data.
Evolution is key here. The digital environment will continue to evolve and education must adapt alongside it.
The pandemic-forced shift to hybrid education as the new normal is old news now, and we’ve seen further changes to flexible and accessible learning as a result of the revolutionary advancements made by AI. Along the way, we discovered the many benefits offered by the new model and technologies. We also discovered the potential pitfalls, especially cybersecurity issues, as numerous educational institutions fell victim to cyberattacks.
A recent study into the cyber resilience of organisations in Australia and New Zealand indicated three areas that were of the highest concern: risks due to personal devices and personal use of corporate devices, unsecured Wi-Fi networks, and phishing attacks.
Personal and professional blurred lines
One of the most significant challenges of remote work and learning is the varied landscape of devices employees and students use to access company or institutional data. While many organisations provide devices, a large portion of staff and students also use personal devices for learning-related tasks. This blend of personal and professional technology can pose serious cybersecurity risks.
The use of personal devices for work creates vulnerabilities, as these devices are unlikely to have the same level of security controls in place as equipment provided by institutions. Students may inadvertently compromise sensitive data through activities unrelated to work.
There are several steps that can mitigate these risks. Where possible, universities and other third-level institutions should provide employees and students with corporate devices and establish a clear bring your own device (BYOD) policy that outlines the security requirements for personal devices used for work. This should factor in regular security updates, the use of antivirus software and encryption.
Education institutions also need robust and reliable remote access solutions, such as virtual private networks (VPNs) and multi-factor authentication (MFA), to guarantee that all devices securely access educational resources and institution-related data, creating a safeguarded channel of communication.
Secure and reliable access
Students, teachers, and staff often rely on various Wi-Fi networks, and the integrity of these connections is of vital importance. To fortify these environments, institutions should strive to promote secure Wi-Fi practices by instilling in students, teachers, and staff the significance of connecting to secure, password-protected Wi-Fi networks while cautioning against using public networks for sensitive educational tasks.
Institutions can also offer solutions like VPNs to encrypt data transmitted over unsecured networks and significantly bolster security.
Though not possible in all situations, some educational institutions can even conduct assessments of various home networks to identify and rectify vulnerabilities that may compromise the integrity of the remote or hybrid educational environment.
Phishing attacks continue to wreak havoc
Phishing attacks are a persistent cybersecurity threat in the realm of education—as highlighted by a major breach at the Australian National University (ANU). Threat actors create convincing messages and emails to deceive students and teachers into revealing sensitive information or clicking on malicious links.
In the education landscape, where individuals may be more isolated and vulnerable to such attacks, addressing the concern is vital. Regularly educating students, teachers and staff to recognise phishing attempts is crucial. They must be armed to verify the authenticity of unsolicited emails or messages before taking action.
Institutions should also employ powerful email filtering systems to identify and quarantine potential phishing emails, preventing them from reaching students and teachers. Protection can be bolstered further with MFA to make it more difficult for attackers to gain access to sensitive systems and educational data, even if they have compromised login credentials.
It’s crucial to set clear procedures to report phishing attempts or suspicious emails. Swift reporting aids in the rapid response to potential threats.
Educating the education sector
Education is the most important weapon in this fight. Every member of the education community must know the risks. Consistent and clear training and awareness programs can significantly reduce the likelihood of security breaches and maintain a secure educational environment for all.
The educational landscape relies on technology to play an increasingly pivotal role. Therefore, proactive security measures are an indispensable part of ensuring the long-term success of every classroom and every student.