Authored by: Sumit Bansal, Senior Director of ASEAN and Korea at Sophos.
While the intention of all students receiving a personal laptop is excellent, it’s important to know that educational institutions hold valuable data making them prime targets for cyberattacks.
The Covid-19 pandemic made it necessary for schools in Singapore to implement home-based, remote. However, this also created new complexities and exposed potential flaws in cybersecurity systems. For instance, it may have allowed cybercriminals to devise specific techniques to attack school networks. As such, educational institutions need to step up their cybersecurity game to ensure that students and academics, as well as their data, are safe and secure.
Here are three main areas schools should start looking into as Singapore allocates more IT resources to the education industry.
Lack of skilled IT staff
Not specific to schools, the shortage of skilled IT workers is likely to leave the network of educational institutions susceptible to cyberthreats. During the Circuit Breaker period in Singapore, schools were closed and as teachers focused on preparing for remote learning materials, not a lot of attention was placed on the school’s IT security needs. There is a high chance that there aren’t sufficient resources allocated to looking after the schools’ network security, device management, and endpoint security policies – leaving the door wide open for cybercriminals to exploit weaknesses in the cybersecurity infrastructure to infect the network.
Since the start of 2020, Sophos has witnessed uptick in coronavirus phishing scams. This means that there is a high potential that these phishing emails will make their way to the inboxes of students and education staff as well. It is critical for teachers and students to learn how to identify such emails, to prevent them from falling for these scams.
Advanced malware attacks
Lastly, as with the rising trend in malware attacks, both students and teachers are susceptible to account takeovers, or unintentionally/carelessly sharing their information with cybercriminals. This gives cybercriminals the chance to access a school’s networks and launch a ransomware attack to take control of sensitive data.
To ensure that the education industry, teachers, and students are well protected against potential cyber threats, it is important to educate and provide guidelines on how they can identify and spot suspicious behaviours online, especially on devices that belong to schools. It is imperative that the education sector to look at installing an all-rounder cybersecurity solution to maximise the safety of children, teachers, and schools.”