The continued adapted way of life, work and learning in varying degrees of social distancing and lockdown, not only presents issues and challenges; it also provides opportunities. And no, this is not a hyped-up motivational speech-type post.
Having worked my entire career in technology project arenas; professional learning and organisational change, I’m acutely aware of the power of enabling technology but also the vulnerability of your IT systems, processes and products being digitally accessed and thereby digitally attacked and compromised.
In education environments impacted by the pandemic, academics, administrators and students alike are all getting to grips with more digital content, more digital access and delivery and continued use of digital connectivity to research content, construct papers and connect to fellow students. However, many of us are not always thinking about or prioritising our safety in cyberspace under such pressured conditions.
A very quick search engine trawl reveals that cybercriminal attacks on educational establishments are on the rise. Ransom and Malware; Denial of Service attacks and data theft are the nature of the crimes. Take Northumberland and Newcastle University where exam and clearing hotlines have been compromised. How will each university recover from this data loss – and potential financial loss – for this academic year? Let alone the worry and stress this adds to the students themselves.
Some academic institutions have paid ransoms, desperate to get themselves swiftly back to an operating state. But whilst the disruption to education flow is understandably bad and causes reputational damage and interrupts the students crucial learning time; it is educational establishments duty of care to students that is paramount.
What more then, can those in our already highly-challenged education sector do to make themselves more cybersafe and fulfil that duty of care obligation?
Before we look at actions, why is it that the education sector appears to be more fragile than other businesses or institutions?
- Resourcing being stretched to focus on ‘keeping the show on the road’ in times of more dispersed delivery, submission and assessment of the teaching, learning and marking.
- An ever-challenging ‘Bring Your Own Device’ approach presenting issues to secure the network
- Low awareness amongst staff and students which may be down to a policy lacking in power and influence. – setting out policies for using the network and making sure they’re adhered to can be difficult in large institutions with a dynamic user population.
- Rapid growth and expansion into overseas markets – often this makes networks more vulnerable and open to attack at times of scaling at speed.
So onto the potential solutions:
- Emphasise the duty of care the academic institution places on its students and therefore through cyber security measures this is a natural extension of that duty of care.
Indeed, making the onboarding much clearer about this brings the point of integrity, use of software, and having students themselves being alert to potential phishing scams, breaches and seemingly odd technical emails and messages puts many sets of eyes onto the security ‘watch’. Rather than creating fear, the sense of care and the level of security that all students, academics, researchers, teachers and administrators can show proves the collective effort helps very stretched technical teams.
Communication around cybersecurity and awareness should be smart, regular, clear. Whether through Academic Institutions own apps, platforms and programs, to their general bulletins and engaging messaging, a spotlight on being cybersafe will help people be super aware and confident in managing their access to academic portals.
- As part of onboarding, security tips form part of a mandatory training element for all staff and students. Something realistic, engaging and useful that could take the form of a simulator or an interactive story to bring it to life. Seeing the consequences of security breaches will help people know their part to play in being aware and confident.
Indeed the module should go beyond accessing the academic platforms and apps and give ‘life skills’ around scams, phishing and malware installation. Students and staff who feel more equipped to be safe in cyberspace not only on ‘campus’ technology, is a real added value competence.
So any experiments with additional software and the downloading of apps and tools can come from a more informed perspective and not simply ‘done on the fly’ which may jeopardise the entire secure infrastructure.
- Advancing the cybersecurity skills of the CTO and their team. Not just the developers or network administrators but anyone in the IT team. And running regular drills for those crucial technologists will ensure where there is an attack, that containment and recovery can be rapid and safe.
Indeed, keeping a very close watch on breaches more widely and the techniques employed by hackers and malicious software will help the professionals in technology be more confident and capable when the danger is spotted for real.
Increased use of multifactor authentication (biometrics, safe devices and linked platforms and apps) will also be vital in securing access levels and privileges and preventing any unauthorised hacks into the vital systems.
So, some of this is technological, some of it technical but all of about heightened focus and awareness.
Being cyber security confident is no longer the domain of technologists; it’s now an all-in solution with all of playing an active part in our combined duty of care that supports the vital aspect of life that is education.
Founder and CEO – PTHR
3x HR Most Influential Thinker’s List
2x Author and 2x TEDx Speaker on the Future of Work