Cyber Awareness Month 2024
Enhancing Cybersecurity in the Education Sector
Improving cybersecurity in the education sector requires a multifaceted approach, as colleges and universities often handle sensitive student, staff, and research data, making them prime targets for cyberattacks. Below are some key strategies for enhancing cybersecurity in this sector:
- Implement Robust Security Policies
Policies are essential for any organisation because they establish clear guidelines and standards that ensure consistency, accountability, and compliance within your organisation. In cybersecurity, well-defined policies will help protect sensitive information, mitigate risks, and create a security-conscious culture, ensuring everyone understands their roles and responsibilities in safeguarding data.
Policies help formalise your security controls as ongoing processes rather than being ad-hoc measures, which will further strengthen and enhance the protection of your organisation and its data.
An Acceptable Use Policy (AUP) will help establish clear guidelines on how students and staff should use institutional devices, networks, and data.
A Data Protection Policy will help clearly define how sensitive data should be collected, stored, processed, accessed, retained and deleted. It is especially important for educational institutions to emphasise compliance with regulations like the General Data Protection Regulation (GDPR), which sets strict guidelines for data protection and privacy for individuals. A proactive approach minimises the risk of data breaches and legal ramifications, ultimately fostering a culture of accountability and respect for personal privacy within the institution.
- Strengthen Network Security
Strengthening network security is crucial for safeguarding your sensitive information, preventing unauthorised access to your systems, and protecting against cyber threats. This will go a long way to ensuring the integrity and availability of your critical systems and data.
Network segmentation is a necessity: dividing your network into smaller, more manageable segments enhances both security and performance. It helps contain potential breaches, limits access to critical systems and data, and limits lateral movement, preventing attackers from moving freely across the network.
To further strengthen your security, deploying firewalls and Intrusion Detection Systems (IDS) is key to actively monitoring and filtering incoming traffic. This will aid you in detecting and responding to suspicious activity and potential threats in real time.
Encourage the use of Virtual Private Networks (VPNs) for remote learning, for staff working offsite and for accessing sensitive systems from outside the campus network. A VPN provides additional protections such as encrypting internet traffic, which is especially important when using public Wi-Fi.
- Implement Strong Access Control Measures
Multifactor Authentication (MFA) is an essential security measure these days to prevent unauthorised access to your accounts should your credentials be leaked or compromised. Hackers are becoming more sophisticated in their attacks, and working with defence in depth will deter threat actors, who will move on to the next low-hanging fruit. MFA should be enforced for all staff and students accessing institutional platforms, databases, cloud services, public-facing platforms and email accounts.
Zero Trust architecture can help students in colleges and universities reduce reliance on MFA by implementing a more comprehensive security model that continuously verifies user identities and device security, regardless of location. Instead of solely relying on MFA to authenticate access, Zero Trust assumes that threats could exist both inside and outside the network. This means that every access request is evaluated based on user identity, device health, and contextual factors, allowing for more granular control over permissions and access to resources. By adopting this approach, institutions can minimise the need for MFA as a primary security measure, while still ensuring robust protection of sensitive data and resources, ultimately enhancing the user experience without compromising security.
Role-Based Access Control (RBAC) can be used to restrict access to sensitive information based on user roles and responsibilities. Individuals will therefore only have access to the data and resources they require for their day-to-day tasks. This minimises the risk of unauthorised access and reduces the threat of data breaches.
Identity and Access Management (IAM) allows you to centralise and automate user account management, further enhancing your security controls by only allowing authorised users to access sensitive information and by providing a consistent approach to assigning access rights across the organisation.
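An added illustration of the access-control ideas above (not code from Jisc or any product): a per-request decision that combines an RBAC permission check with device health and context, and asks for MFA only when risk is elevated. Role names, permissions, risk signals and the threshold are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical RBAC map: each role gets only the permissions it needs.
ROLE_PERMISSIONS = {
    "student": {"vle:read"},
    "lecturer": {"vle:read", "vle:write", "grades:write"},
    "registry": {"student_records:read", "student_records:write"},
}
# Constructed list of permissions that touch sensitive data.
SENSITIVE = {"grades:write", "student_records:read", "student_records:write"}
STEP_UP_THRESHOLD = 2  # assumed risk score at which MFA is requested


@dataclass(frozen=True)
class AccessRequest:
    role: str
    permission: str
    device_managed: bool       # enrolled in device management
    device_patched: bool       # meets the patch baseline
    unfamiliar_location: bool  # contextual signal for this sign-in
    mfa_done: bool             # MFA already satisfied in this session


def decide(req: AccessRequest) -> str:
    """Return 'allow', 'step_up_mfa' or 'deny' for one access request."""
    # 1. RBAC: unknown roles and unassigned permissions are refused.
    if req.permission not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny"
    sensitive = req.permission in SENSITIVE
    # 2. Device health: unpatched devices never reach sensitive data,
    #    whatever authentication has taken place.
    if sensitive and not req.device_patched:
        return "deny"
    # 3. Context: add up risk signals for this specific request.
    risk = sum([
        sensitive,
        not req.device_managed,
        not req.device_patched,
        req.unfamiliar_location,
    ])
    # 4. Ask for MFA only when the request is risky and MFA is not yet done.
    if risk >= STEP_UP_THRESHOLD and not req.mfa_done:
        return "step_up_mfa"
    return "allow"
```

The same permitted role gets a different answer as the device or context changes, which is the difference between a one-time login check and per-request evaluation.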
- Data Encryption and Backup
Data encryption and backups are essential to protect your sensitive data from unauthorised access and loss in the event of a breach, system failure or cyber/natural disaster. Your critical data will remain secure when encryption is enabled both at rest and in transit. Having a robust backup system, with data stored offsite or in the cloud, immutable backups and segmented backup systems, will enable quick restoration in order to maintain business continuity.
- Regular Security Audits and Penetration Testing
Regular security audits and penetration testing are crucial for identifying vulnerabilities and weaknesses in an organisation’s security posture, enabling proactive measures to be taken to strengthen defences and reduce the risk of potential cyber-attacks.
Routine assessments involve checking the institution's policies, systems and networks in order to identify potential risks to the organisation. This allows those risks to be addressed promptly and continually improves the overall security posture of the organisation.
Having penetration testing conducted on your systems allows a professional to simulate real-world attacks in order to identify weak spots within your defences before the attackers do. This will offer valuable insights into the vulnerabilities in your defences and enable you to enhance your security measures.
In addition to these measures, effective patch management will guarantee that all software, including operating systems and hardware, is consistently updated and patched, addressing vulnerabilities and reinforcing defences against potential exploits in your systems.
- Secure Devices and Cloud Services
Your institution-owned devices are weak spots in the network and should have good defence-in-depth measures in place, such as regular patching, an enabled host firewall, installed antivirus and endpoint detection and response (EDR) software. This will go a long way to preventing infections and stopping them from spreading across the network.
In addition to your owned or managed devices, the use of unmanaged personal devices poses a significant risk to your organisation. You must develop security protocols for the use of all staff and student personal devices. While student BYOD is out of scope for Cyber Essentials (CE), it is still important to secure against the threat posed by these potentially vulnerable devices. Having a separate isolated network for personal devices with access only to the internet is recommended. Network monitoring and device registration, for example through mobile device management (MDM) systems, will aid in providing technical controls for these devices to ensure compliance with your policies and procedures before they access organisational data and services.
It is important to do your due diligence on your cloud service providers to ensure they are following security best practices and at a minimum work towards your own policies and procedures. Making sure they provide MFA, encryption and strong user authentication are necessities during procurement. Supply chain attacks are on the rise and you want to ensure your data is well protected.
- Incident Response and Recovery Plan
Incident response and recovery plans are critical for organisations as they provide a structured approach to identifying, managing, and mitigating security incidents, ensuring swift recovery and minimising the impact on operations and data integrity.
You should have a comprehensive incident response plan outlining the steps that need to be taken in various incidents, such as ransomware or a data breach.
It is crucial that key personnel are trained and that they clearly understand their roles and responsibilities during an incident, as this preparedness can significantly mitigate damage. To reinforce this readiness, conducting regular cybersecurity tabletop exercises and simulations helps familiarise the team with response protocols and enhances their ability to act effectively under pressure.
Furthermore, after an incident, performing a thorough post-incident review allows organisations to analyse how the breach occurred and identify improvements to prevent similar incidents in the future, thereby continuously strengthening your security posture.
- Collaborate with External Partners
Collaborating with external partners and the educational community is essential to enhance your cybersecurity posture, as it enables the sharing of best practices, threat intelligence, and resources, ultimately fostering a more resilient defence against evolving cyber threats.
Utilise and keep updated through the Jisc cyber security community. There are now more than 2,200 members, providing a forum for sharing knowledge, best practice and threat intelligence for the benefit of the whole education and research sector. Information sharing programs such as MISP can be further utilised for threat intelligence to stay up to date on the emerging cyber threats targeting the education sector.
After all, prevention is better than cure and we should all defend as one.
- Compliance with Legal and Regulatory Requirements
Ensuring compliance with legal and regulatory cybersecurity requirements is crucial for protecting sensitive data, avoiding legal penalties, and maintaining the trust of stakeholders by adhering to industry standards and regulations like GDPR to ensure proper handling and protection of personal data.
Managing, maintaining and retaining data access logs is key to ensure compliance with auditing and regulatory requirements.
- Foster a Security First Culture
Fostering a security first culture is essential for creating an environment where cybersecurity is prioritised by everyone, ensuring that individuals consistently follow best practices and remain vigilant against potential threats.
Integrating cybersecurity topics into the broader educational culture will aid this effort. Capitalising on events such as Cyber Security Awareness Month in October, World Password Day and Safer Internet Day can help foster this culture throughout the course of the year, rather than relying on a one-off training course.
Offering incentives for staff and students who practise good cybersecurity habits or report potential vulnerabilities can be highly effective in fostering a proactive security culture. Some of the best ways to implement this include providing recognition such as a cybersecurity champion of the month award, extra days off, or gamification with points that can be redeemed for prizes.
By integrating these strategies, educational institutions can create a more secure environment, protecting their digital infrastructure from the growing number of cyber threats.