According to the Annual Verizon Data Breach Report 2020, education service providers performed poorly in terms of reporting phishing attacks, losing critical response time for the victim organisations. Phishing and cyber-attacks are a post-COVID reality faced by all businesses, with the risks increasing because of the rise of remote work and the varied levels of preparedness among organisations.

Schools are a treasure trove of data for hackers, and with social engineering attacks on the rise more than ever before, data security needs to be front of mind for your school.

Daryll Holland, our Head of Information Security, shares his tips on how schools can improve their cybersecurity measures. Here are four key areas your school should consider:

Four Essential Cybersecurity Considerations for Schools

1. Involve your leadership: good governance is critical

  • Review and update your policies, including your school’s Privacy Policy, Bring-your-own-device Policy, InfoSec policy and Acceptable Use policy.
  • Understand what data you hold, what you do with it and how long you keep it in accordance with the Privacy Act.
  • Enforce a software installation policy and avoid consumer cloud products and free Learning Management System providers.
  • Implement a Security Incident Response plan. Download our template here.
  • Complete a risk audit of your critical assets and assess potential vulnerabilities.
  • Better understand parent-educator collaboration and the effects of bridging the gap securely.

2. Technical tips

  • Keep all software up to date.
  • Enforce Multi-factor Authentication for your identity provider.
  • Consider an organisation-wide password manager.
  • Pentest and vulnerability scan your networks.
  • Review your user accounts.
  • Air gap and test your backups.

3. Build awareness

  • Educate your users again, and again, and again through security training and awareness.
  • Focus your attention on the most common attack vectors such as phishing and social engineering.
  • Make awareness training relevant to their personal lives, especially if using personal equipment for work.

4. Test your school’s preparedness

  • Organise a phishing simulation. Suggested simulation platforms are Trend Micro Phish Insight, KnowBe4, Mimecast and Sophos.
  • Monitor for confidential information leaving your organisation. If you are a Microsoft subscriber, consider their Data Loss Prevention features.
  • Set up a tabletop security incident test for your leadership.

Make a start today by downloading our Security Incident Response Plan.