Technology has increasingly become an integral part of teaching and learning for students, teachers and educators in schools. Whilst the abundance of tools and softwares presents new avenues for innovative education, it also positions schools in a high risk environment for cyber attacks. Even the NSW Department of Education was a victim of cyber crimes. However with the right infrastructure, knowledge and technical support, schools can immensely reduce the risk of falling victim to an attack.
Cyber attacks against schools range from adware, phishing and ransomware. Surprisingly, the success rate of these common attacks are attributed to the lack of awareness by users in identifying the risks and understanding how to avoid these situations. Ultimately, it is a costly impact both financially and emotionally for schools, students and teachers affected. Cyber crimes result in significant disruptions and downtime to day to day classroom activities.
Schools become a target of cyber crimes for a range of objectives including the following:
- Obtaining confidential data which can be sold
- Creating widespread disruption and reduced productivity
- Accessing financial information and viewing online transaction details
- Presenting as an easy target for hackers
Regarding the last point above, assessing why hackers consider schools easy prey may be best understood by the cyber skill shortage prevalent across educational institutions. Additionally, young technology users particularly amongst primary schools means there is a higher likelihood that malicious emails, links and websites are clicked, meaning schools become more susceptible to cyber attacks.
At the root, what can be done?
It all starts with equipping IT users in schools with the understanding of good cybersecurity practices. This was a critical concern for one of Virtu’s Education clients – an independent school based in Queensland. One of the oldest Grammar schools in Australia, they have implemented innovation in the ways they approach the teaching and learning requirements of their students, offering specialised teachers, focused curriculum and a unique approach further fostered by technology.
Challenges
Virtu was advised that the client needed support in generating a cybersecurity plan after receiving pressure from the school’s board members that the school needed to improve its cyber safety approach in the best interest of students and staff. This has been a common trend identified amongst private schools.
The client was faced with the following key challenges:
#1. Unsure how to start their school’s IT posture assessment.
#2. Tight budget assigned to cybersecurity amongst other IT requirements.
#3. Needed a solution fast to address growing concerns from student families and school leaders
Solution
After a series of consultations, Virtu presented the KnowBe4 solution as a human firewall solution. KnowBe4 provides Security Awareness training to help address the risks of spear phishing and ransomware attacks.
The client was interested in the following solutions:
#1. Baseline testing to assess the Phish-Prone percentage of users through a free simulated phishing attack
#2. Extensive library of security awareness training content including interactive modules, videos, games, posters and newsletters
#3. Needed a solution fast to address growing concerns from student families and school leaders
#4. Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management and leadership team inquiring about Return on Investment
Virtu is currently working with the client to improve their security posture through the Knowbe4 solution. Building the right platform and conversation around cybersecurity has also meant that the client is now entrusting Virtu with delivering the school’s penetration testing to examine their overall security grade.
Cyber attacks do not wait for organisations to react or recover. Don’t wait for a solution but take action now. Speak to Virtu today and trust the experience of supporting hundreds of schools secure their data and keep their students and staff safe.