Managing the threat of cyber attacks in schools
Managing The Threat Of Cyber Attacks In Schools
Since the introduction of remote learning, the threat of cyber attacks in schools due to increased reliance on technology has substantially increased. However, with good cyber security culture and awareness amongst staff and students, schools can decrease the chances of cyber attacks. Here’s our take on what cyber attacks are, why schools are targets and what can be done about it.
What are cyber attacks?
While there are various definitions of what a cyber attack is, according to the Australian Cyber Security Centre, a cyber attack is a deliberate attempt to gain access to computers or networks with the intent to manipulate, disrupt or destroy the information held. Cyber attacks are estimated to cost Australian businesses $29 billion each year, and are considered a significant threat. 95% of these attacks are caused by human vulnerabilities. If students lack awareness of common attacks like password infiltration, adware, phishing, and ransomware, they are significantly more at risk of clicking that link.
News coverage on cyber attacks
Schools have been more reliant on technology than ever since the introduction of remote learning during the COVID-19 pandemic. While online learning was established to provide a continuity of learning during lockdowns, schools became more reliant on technology which increased their susceptibility to cyber attacks. There have been a number of cyber attacks in the education sector. Just hours after the NSW department of education announced that schools should return to remote learning due to another COVID-19 outbreak, several internal systems were deactivated in a cyber attack which caused disruptions to term 3 preparations.
Why schools?
Instances of cyber attacks have been on the rise since the introduction of remote learning. But why? Here are some reasons:
What can schools do?
To mitigate the risk and event of cyber attacks, adequate cyber security training within the school community of student, staff and IT departments are essential.
Students
As student learning becomes more digitised and remote learning more accessible, it is necessary that schools and families understand potential cyber threats and how their technology usage can influence their online privacy.
Schools can provide assistance to students by:
- Passwords – educating students on the importance of strong passwords and to keep such information private.
- Personal information – informing students on what constitutes personal information, the value of it and to be selective about the information they share online.
- Phishing emails – providing students definitions and examples of phishing attacks and scams to assist with their understanding.
- Staff – Opportunity for cyber criminals to gain access to databases and school systems is increased when staff access systems using home Wi-Fi and computers. The lack of home security arrangements can result in hackers taking advantage of valuable information and systems.
Schools can support staff in understanding what they can do to protect their information by:
Providing adequate information and resources that inform staff about identifying suspicious emails, websites or links, and how to ensure their devices are up to date. The Australian Government’s Australian Cyber Security Centre provides relevant cyber security information for individuals, small and large businesses.
Upskilling staff in cyber security with learning courses
Providing adequate information and resources that inform staff about identifying suspicious emails, websites or links, and how to ensure their devices are up to date. The Australian Government’s Australian Cyber Security Centre provides relevant cyber security information for individuals, small and large businesses.
Cyber attacks in schools can be prevented with the right support, training and understanding of how threats can occur. By doing so, learning environments for students will be more safe and supportive.
Beware: data breach
Schools need to be aware that a successful cyber attack can constitute a data breach, and may be considered a Notifiable Data Breach under the federal Privacy Act 1988 (Cth) if:
there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation or agency holds this is likely to result in serious harm to one or more individuals; and the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action.
If a Notifiable Data Breach occurs, the affected individual(s) and the OAIC must be informed. However, it is important to note that not all data breaches occur as a result of cyber attacks. The OAIC’s Notifiable Data Breaches Report found that, while 58 per cent of data breaches are a result of malicious attack, 38 per cent are due to human error. Therefore, establishing and embedding effective privacy policies and processes is integral to ensuring an effective defence against cyber attacks.
How CyberPathways can help?
For more information on how your School can become Cyber ready and access the full range of Cybersecurity training and tailored programs, contact us at [email protected]
Ready to get started?
Find out how CyberPathways can help your organisation human-proof your cyber security