6 Cyber Security Tips for Universities and Schools (2021 Guide)
Cyber Security for Universities and Schools – Transforming education into an online experience last year was a challenge. But it also opened an avenue for cyber criminals. Universities and schools are now the most targeted types of organisations.
To help, we have created some easy cyber security tips for Universities and Schools in 2021.
Firstly, let’s recap why universities and schools are under constant attack by hackers.
Universities and schools store cyber criminal gold: the personal data of their staff and students (addresses, passwords and even payment details for staff and parents).
In addition, information leaked or sold online can also damage the reputation of a university or school.
They could also be hit with a hefty fine if personal or sensitive information is stolen.
So how can universities and schools strengthen their cyber security?
1 Passwords! Start with the basics and protect your accounts
Passwords are one of the most common security measures for user accounts.
We recommend the following for schools and universities:
- 8 characters or more
- uppercase letters
- lowercase letters
- a number
- a special character
Additionally, the accounts should automatically log out after a short period of inactivity to prevent unauthorised access by someone else.
For universities and schools using Microsoft Active Directory, a policy for working hours can be set. This prevents access to the accounts outside of these hours.
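An added example (not from the original article) of how such a working-hours window is encoded, assuming it is stored in the Active Directory `logonHours` user attribute: 21 bytes holding one bit per hour of the week, starting at Sunday 00:00 UTC. The schedule, the fixed UTC offset and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Bit 0 of byte 0 is Sunday 00:00-00:59 UTC; bit 1 is Sunday 01:00-01:59, and so on.
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

def build_logon_hours(schedule, utc_offset_hours=0):
    """Build the 21-byte mask from {day: (start_hour, end_hour)} in local time.

    end_hour is exclusive. utc_offset_hours is the local offset from UTC
    (assumed fixed here; daylight saving time needs a rebuilt mask).
    """
    mask = bytearray(21)  # 168 bits, one per hour of the week
    for day, (start, end) in schedule.items():
        for local_hour in range(start, end):
            # Convert the local hour to a UTC slot, wrapping around the week.
            slot = (DAYS.index(day) * 24 + local_hour - utc_offset_hours) % 168
            mask[slot // 8] |= 1 << (slot % 8)
    return bytes(mask)

def is_allowed(mask, when_utc):
    """Return True if the mask permits a logon at the given UTC datetime."""
    # Python's weekday() has Monday=0; the attribute's week starts on Sunday.
    day = (when_utc.weekday() + 1) % 7
    slot = day * 24 + when_utc.hour
    return bool(mask[slot // 8] & (1 << (slot % 8)))

# Constructed sample policy: weekdays 07:00-19:00 local time, nothing at weekends.
SCHOOL_WEEK = {d: (7, 19) for d in ["Mon", "Tue", "Wed", "Thu", "Fri"]}

if __name__ == "__main__":
    mask = build_logon_hours(SCHOOL_WEEK, utc_offset_hours=0)
    print(mask.hex())
    late = datetime(2021, 3, 1, 22, tzinfo=timezone.utc)  # a Monday, 22:00 UTC
    print("Monday 22:00 UTC allowed:", is_allowed(mask, late))
```

Because the bits are in UTC, a 07:00 to 19:00 local window drifts by an hour when the clocks change unless the mask is rebuilt with the new offset.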
2 Enable multi-factor authentication (MFA) – you should do this on your personal accounts too
Cyber criminals no longer struggle to hack basic password-only authentication.
So passwords alone are not enough to keep hackers out.
But multi-factor authentication goes one step further.
Think of a password as a secret you write to enter.
Remember being 6 years old and building a tent out of blankets with your friends? You entered the den with a password. And when others had the password they could enter. And you had to change passwords to silly things constantly to stop one of your friends from entering. The problems with passwords today are similar.
Some people (& websites) are not very good at keeping their passwords a secret.
But something you have (such as a phone or physical security key), or something you are (biometrics – fingerprint) is something a hacker will struggle to bypass.
As a result, several universities and schools have moved to 3rd party learning management systems (LMS) such as Canvas.
These systems require students and staff to log in with a username and password (single-factor authentication).
Most MFA methods will use an application on your mobile phone. Once linked to your account, it will provide you with a code or set of numbers which you can then use on your computer to authenticate your login.
Access to the account is only granted after the login is validated. The login is validated using the code shown in the application, which must be typed in to complete the login.
This makes it very difficult for cyber criminals to break into an account, because the code is far less obtainable than a password: without the personal device, they will not receive it.
3 Keep your software up-to-date by performing regular software updates, including your Anti-Virus software
Two common cyber security threats that are used to attack IT systems:
- Malware (malicious software)
Malware has been used to steal information from a victim’s device. Cyber criminals then use the stolen information as leverage to blackmail their victim.
Therefore, we strongly advise that anti-virus software is installed on devices, especially those that handle sensitive data (including any student details).
Anti-virus software can detect certain malware and viruses and execute the necessary measures to remove them.
Furthermore, it is also worth remembering to update anti-virus software regularly. This ensures you have the most recent malware and virus definitions.
Anti-virus platforms use large databases of definitions (a definition is similar to a signature). Once the anti-virus software matches a signature from its database to a file on your computer, it will know what the file is. This is why it is important to make sure it has the latest definitions (signatures).
4 Learn what scams look like
Emails are a crucial component of online learning. Scheduling classes and formal communication between staff and students heavily depend on emails.
Unfortunately, cyber criminals are also aware of this. They use it to their advantage to launch email attacks, one being a phishing attack.
They can impersonate a trusted individual or company and request sensitive information such as passwords (to student accounts for example) or to simply gain trust to initiate a more sophisticated attack.
Policies for spam and phishing are available from most email providers, one of the largest being Microsoft Exchange.
Microsoft Defender for Office 365 has a set of policies that are easy to use for most IT Engineers. Often they take the user, step by step, through configuring the policies to the needs of the organisation.
The policies analyse and filter emails by determining if they have spam ‘features’. If spam is identified, it is quarantined in a ‘Spam’ folder.
Email service providers usually have these filters on by default. Universities and schools can also buy additional Spam filter software for even greater phishing protection (you can contact us for advice).
An alternative to emails is software like Desktop Alerts. These will send notifications directly to the screens of students and/or staff. This way, only messages from selected trusted sources will appear to everyone in an institution.
5 Principle of Least Privilege – limit account access to what they NEED
The rights to access information should be different depending on the role of a person in a university or school.
For example, only members of the finance team should be able to access financial data, whilst teachers should not have access.
6 Educate staff and students on cyber security
This is perhaps the most effective strategy long term.
When members of an organisation are aware of the nature and risks of cyber security threats, they will themselves behave in a cyber safe manner.
In contrast, all of the above measures are useless if students and staff do not understand basic cyber security.
Boot camps for cyber security awareness, which increase staff and students’ knowledge, are available and recommended for schools and universities. Viewdeck can facilitate these boot camps for you.
With money-driven cyber-attacks becoming increasingly common, universities and schools should go the extra mile to ensure their institution does not fall victim.
Get in touch with us here to discuss cyber security for your university or school.
Stay safe and happy teaching 🙂