23 November 2023
In August 2023, the University of Manchester in the UK suffered a cyberattack, school systems were found to be accessed by an unauthorised party. This resulted in stolen data including “names, contact details, gender, dates of birth, university ID numbers”, and even patient details from the UK’s National Healthcare System (NHS).
Educational institutions have undergone a profound digital transformation, revolutionising not only the delivery of education but also the day-to-day administrative functions. The pervasive integration of digital hardware and software, however, has exposed institutions to heightened cybersecurity risks and raised critical questions about data protection.
Speaking at EDUtech Asia 2023, Soheil Katal, Chief Information Officer of the Los Angeles Unified School District, emphasised the paramount importance of cybersecurity in safeguarding student information amidst the digital era. He noted, “Cybersecurity is the biggest concern, to protect student information when they are using this digital content. We see cybersecurity is on the rise and want to be ahead of it.”
According to Microsoft’s global threat activity monitoring, Education as an industry accounted for a staggering 79% of enterprise malware encounters. In 2021, 647,000 American students were affected by ransomware attacks on K-12 schools.
Educational institutions, viewed as a treasure trove of sensitive data, including contact details, medical records, and financial information, have become prime targets for malicious actors. Factors such as the perceived lack of designated cybersecurity personnel or funding for robust protective measures make these organisations particularly susceptible.
Institutions are highly dependent on their systems operating efficiently and effectively. In the event of a cyberattack, whole systems may fail to function, having a knock-on effect on lesson delivery and putting learning continuity at risk. Cyberattacks not only compromise the safety and security of teachers and school administrations but also the privacy of learners – particularly minors in K-12 institutions.
Funding constraints and a shortage of cybersecurity talent are often cited as reasons why educational institutions lag behind other industries in their ability to respond to cyber threats. However, a crucial aspect that cannot be overlooked is the human factor. Users within the institution, ranging from skilled IT professionals to students with limited awareness of cybersecurity risks, play a pivotal role in maintaining cyber integrity. Implementing a culture of “security mindfulness” is essential to mitigate both physical and cyber threats.
Singapore’s Cyber Safe Students, a program integrated into public school character and citizenship education curriculum, aims to raise awareness of cybersecurity and encourage the adoption of good cyber hygiene practices among the young. In August 2023, the Biden administration announced cybersecurity training programmes to beef up tech safeguards, aiming to train and assess cybersecurity practices at 300 new “K-12 entities” within the next school year.
As the digital landscape evolves and new platforms like ChatGPT are introduced into the ecosystem, ongoing training ensures that educators are equipped with the latest knowledge and skills to navigate potential cyber threats. By fostering a culture of continuous learning, institutions empower their staff to proactively contribute to a secure online environment. Professional development not only enhances individual awareness but also encourages the sharing of best practices, creating a collaborative community that collectively strengthens the institution’s cyber resilience.
The complex interplay of technological advancements, regulatory landscapes, and human behaviours underscores the need for a comprehensive approach to safeguarding educational environments. Beyond the deployment of advanced protective technologies, the human factor emerges as both a vulnerability and a formidable defence. Professional development initiatives, collaborative efforts, and a commitment to ongoing education are pivotal in fortifying the resilience of educational institutions against evolving cyber threats.
Further Reading
Google Cybersecurity best practices for K-12 schools
U.S. Department of Education Office of Educational Technology – Cybersecurity resources for K-12 and Higher Education
Should cybersecurity be made part of the school curriculum?
Thanks for reading. Be a part of our education community and get notified when we post new talks and discussions on all things education and EdTech. Subscribe to our weekly newsletter here.
