Image

The challenges of cyber risk
A present-day example: in the wake of "numerous" attempts by criminals to deploy targeted ransomware through social engineering, the UK's national fraud and cyber crime reporting centre Action Fraud issued a public alert in January. The threat actors rely on cold calling as the initial attack vector; they claimed to represent the Department for Education before requesting the head teacher's email address — on the pretext of transferring information regarding examination guidance, mental health assessments, or another sensitively classified topic. Risk perception is crucial There is a clear need for schools to protect students and teachers from inappropriate and illicit material in the Bring Your Own Device (BYOD) age. Safeguarding is a crucial "cyber risk" challenge, which is why "strengthened measures to protect children from harm online" were implemented in the UK several years ago. The Cyber Threat Landscape encompasses the tools, techniques, and targeting methods employed by today's cybercriminals. However, when reviewing this landscape from a holistic standpoint, school leaders and IT administrators must not forget the acceptable and responsible use of network facilities inside their educational institution. The acceptable use policy (AUP) formally outlines how an institution expects students, teachers, support staff, and stakeholders to conduct themselves when using information systems. An alternative term that has surfaced in recent years is the "responsible user policy" — incorporating positive objectives for integrating technology with day-to-day school life. A typical school AUP covers the following points:- Vandalism and misuse of physical equipment
- Use of removable storage devices
- Use of print and copy facilities
- Use of school email facilities
- Content filtering and monitoring
- Access to school-specific platforms (e.g. VLE)
- Password usage and strength guidelines
- Best practices for safe computing
- Accordance with state and/or national laws
- Exfiltration through social engineering attacks
- Loss or theft by ransomware and malware infections
- Corruption by defective disks and storage media
- Theft by unauthorised access to computing devices
- Destruction by natural disasters or external forces
- Intentional destruction or alteration by users
- Accidental destruction or alteration by users
"If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system."Administrators should implement and maintain a multi-layered set of defences to protect from data destruction, corruption, and exfiltration. Hardware and software solutions may focus on malware protection, VPN provisioning, data loss prevention (DLP), and institution-wide backup routines.
Conclusion
There are clear parallels between managing cyber risk in schools with the corporate world, which is why a business approach is just as vital. Educators are driving transformational change through technology — but we must not overlook the risks that emerge when information security is concerned.Image
