Cybersecurity in Education: Threats Are Going Back to School
Many schools lack the resources to address cybersecurity in education, but MSPs can help.
August 26, 2021
Sponsored by Barracuda MSP
As schools and universities prepare for a return to classes, they’re facing the challenges resulting from a recent upsurge in COVID-19 cases across the United States. As a result, many educators will have to support remote learning for their most vulnerable students. Also, a return to fully online classes is a distinct possibility in some regions.
The rapid shift to hybrid learning in 2020 revealed an array of cybersecurity vulnerabilities that colleges and school districts were not prepared for. From Zoom crashers, to identity theft and email compromise, schools faced myriad challenges–all while trying to ensure access for students with varying levels of internet service availability.
The recent EDTECH Leadership Survey Report from CoSN reveals how important issues around cybersecurity in education have become. (You can access the report here.)
According to the survey, cybersecurity is the top tech priority for IT leaders in education, followed by privacy and student data security. At the same time, these leaders report that specific cybersecurity in education risks are often underestimated.
These risks and threats are happening as schools simultaneously provide more online services (particularly during the pandemic), while facing bandwidth limits and budget constraints. In addition, 61% of districts said they were not prepared to provide remote technical support to students and families.
MSPs with clients in the education sector are uniquely positioned to help support these customers as they face mounting remote learning and online services requirements. MSPs can help secure educational networks and do so in a way that allows districts to make the most of their limited IT resources and budgets.
Underestimating the Threat
The report highlighted how many educational institutions have underestimated cybersecurity risks. When asked about perceived risks, most respondents (84%) did not rate any threats as high risk. Phishing was the incident type perceived as the greatest threat, but just 45% rated it as a medium/high or high risk. Even more distressing is the fact that 59% of districts did not have a cybersecurity plan.
According to the report, more than three-quarters (77%) of districts do not have a full-time employee dedicated to network security. Instead, most districts spread that responsibility across multiple positions. Additionally, roughly one-third rely on embedded network security monitoring, while 6% outsource this function.
How MSPs Can Help
There are several ways MSPs can help clients in the education sector address these issues. First, because the nature of specific threats is underplayed, training is critical for IT staff, as well as for educators and administrators. According to the survey, just half of districts require training for all staff, but 18% plan to do so. MSPs can aid these efforts by providing training for all stakeholders on current security threats and best practices, using phishing simulations to identify staff requiring additional training. Click on Page 2 to continue reading…
MSPs can also help districts and colleges protect themselves against the growing threat of ransomware. Most respondents to the EDTECH survey (72%) use backup and off-site storage, but MSPs can help them take these efforts to the next level. First, MSPs can routinely test their backup and recovery efforts, ensuring that backups are housed securely.
These procedures should be further enhanced with training (which we already covered) and password management best practices, multi-factor authentication (MFA), and encryption. Using security monitoring tools that can identify potential breaches–such as those that utilize artificial intelligence or machine learning to evaluate “normal” email activity and more easily spot anomalies—is also highly recommended.
As the survey showed, many districts lack a comprehensive cybersecurity plan. MSPs can perform security audits to identify vulnerabilities for these organizations and then aid them in crafting a security plan that will work for their network and operations.
According to the survey: “Note that while many of the practices might be difficult, complicated, and expensive to execute, working with EdTech providers to improve security is low hanging fruit all districts can reach.”
Last year saw a record-breaking number of cybersecurity attacks. Educators are vulnerable to ransomware attacks, as well as phishing schemes that can result in the loss of student data. However, schools are aware of some of the risks—the survey notes that more districts are purchasing cybersecurity insurance this year.
However, these policies often require educators to maintain a high level of cyber hygiene. Many colleges and school districts are not equipped with the staff or resources to do so. MSPs are positioned to offer these clients a cost-effective approach that can help secure school networks, even as the number of people remotely accessing their resources increases.
Michael Mowder is the Senior Director of Global Partner Success for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for the partner journey from on-boarding, to implementation, through professional services and finally, renewal.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like