The crucial importance of cybersecurity in the education sector

The importance of cybersecurity investment in education cannot be emphasized enough. The expenses associated with a cyber attack can significantly exceed the costs of a solid cyber security strategy. The dangers of networks should never be minimized, especially when thousands of sensitive data are at risk, which could only be stolen and returned for a hefty fee. The education industry, which has seen a growing wave of cyberattacks in recent years, is no exception to this rule. At a time when students increasingly rely on digital tools for studying and communicating with teachers and school staff, the pandemic has further amplified our dependence on technology and, consequently, the frequency of cyber-attacks in the education sector . Securing information systems in schools at all levels—from elementary to high school, through college and professional school—presents a major challenge for even the most seasoned IT professionals.

The networks of these institutions must be accessible to staff, students and others, but the interaction between the various levels of access of each user group creates additional risks. This is just one of several issues identified by Acronis, a leader in the cyberprotection field, facing Managed Service Providers (MSPs) working with educational institutions. External storage devices such as USB drives, external hard drives, CDs or DVDs also present a challenge for MSPs/MSSPs providing information security services to the education industry. As data breaches continue to expand in both volume and scope, the need for resilient cyber security standards cannot be overemphasized.

The independent Government Accountability Office (GAO), serving the US Congress, reports that school disruptions following a cyberattack last anywhere from three days to three weeks, and recovery can take anywhere from two to nine months. In addition to battling individual hackers, MSPs also face governments and highly trained foreign criminal groups that target employee and student data and other sensitive information. Techniques criminals employ to gain access to school system data include: phishing scams, ransomware attacks, distributed denial of service (DDoS) attacks, and "zoombombing". To protect students from online threats, another US government agency, Readiness and Emergency Management for Schools (REMS), suggests adopting digital security policies. The use of blocking and filtering applications, such as firewalls, encryption, and antivirus and anti-malware systems, has become essential for the education sector.

However, the available financial resources are often insufficient. According to a survey by the Nationwide Cybersecurity Review (NCSR), secondary schools and universities believe that lack of funding is the main problem: approximately one-fifth of schools invest less than 1% of their entire IT budget on cybersecurity. The cost of a hacker attack, considering both the time required for recovery and the potential for data theft, makes the availability of resources to counter this threat essential, even in contexts with limited budgets. In many cases, educational institutions need to protect not only academic data, but much more. One example is a class action lawsuit filed against an alleged data breach in 2021 at the University of California San Diego in which hackers accessed 500,000 employee email accounts, exposing sensitive health information. To address these issues, MSPs must implement best practices for security and privacy in the education sector. A good starting point is to limit the employees who can access sensitive data and modernize security with backup systems and integrated protection.