It’s been a big year for cyber attacks in Australia. We’ve had three of the largest and most high-profile data breaches in our nation’s history. Unfortunately, it’s not just Australian businesses in the firing line, but our schools too. The education and training sector reported the most ransomware incidents in 2021–22, rising from the fourth-highest reporting sector in 2020–21 according to the Australian Cyber Security Centre.1
Schools are a tempting target for cybercriminals. They collect a vast amount of data, from student demographics and grades to financial information and medical records. The increasing use of technology in schools due to the pandemic – cloud computing, online platforms and mobile devices – mean that the volume of data is larger than ever. School leaders are under increasing pressure to secure school data and protect the wellbeing of students, their families and staff.
So what are the main threats, and what measures can be put in place to counter them?
A data breach is when sensitive information about students, parents, teachers, and staff is leaked or stolen. This information can include names, addresses, health information, financial information, and more.
To prevent data breaches, schools need to ensure that their school management platforms use secure protocols for storing and sharing data, use secure identity methods like multi-factor authentication to prevent unauthorised access to the platform and use security controls and alerts to monitor their environments, just to name a few.
Ransomware attacks and phishing
These involve hackers encrypting a school’s data and demanding a ransom payment to unlock it.
Schools can protect themselves against ransomware attacks by backing up their data regularly, implementing strong password protocols, and training staff to avoid phishing scams. They should also practise restoring data from backups periodically, and consider investing in cybersecurity insurance to mitigate the financial impact of a ransomware attack.
These technical measures are important, but schools must also educate students, teachers, and staff about the importance of good cybersecurity practices. For example, schools can conduct regular training to raise awareness about the dangers of phishing scams, password security, and social engineering. Schools can also encourage students and staff to adopt good habits such as using strong passwords, updating their software regularly, and reporting any suspicious activity. All steps that can be taken, must be taken, as schools must comply with the Australian Privacy Principles (APPs) and the General Data Protection Regulation.
Is there another way?
Sophisticated cloud-based education platforms, underpinned by the first-class security of a major tech company, offer an alternative. Connected Schools is a complete school management solution, built on Microsoft’s D365 platform, used by the entire school community. By drawing together all facets of teaching, learning and administration into one dynamic system, it removes the need for schools to patch together their own technology puzzle with the associated risks.
The heft of Microsoft and its robust security mechanisms bring peace of mind. Regular security updates address new threats and vulnerabilities, along with a raft of other protective measures. It’s possible to integrate Connected Schools with other security solutions such as firewalls, antivirus software, and intrusion detection systems to provide an even more comprehensive security posture, if needed. Having such an enterprise-level security platform is best practice for the protection of school data.
School data security is a complex and an ever-evolving challenge. It requires a comprehensive approach, from investing in the right technologies to educating students and staff. Schools must take a proactive stance to foster a safe and secure learning environment for their students, while also building trust and confidence among their stakeholders.