Cybersecurity in Education: Threats Are Going Back to School

As schools and universities prepare for a return to classes, they’re facing the challenges resulting from a recent upsurge in COVID-19 cases across the United States. As a result, many educators will have to support remote learning for their most vulnerable students. Also, a return to fully online classes is a distinct possibility in some regions.

The rapid shift to hybrid learning in 2020 revealed an array of cybersecurity vulnerabilities that colleges and school districts were not prepared for. From Zoom crashers, to identity theft and email compromise, schools faced myriad challenges–all while trying to ensure access for students with varying levels of internet service availability.

The recent EDTECH Leadership Survey Report from CoSN reveals how important issues around cybersecurity in education have become. (You can access the report here.)

According to the survey, cybersecurity is the top tech priority for IT leaders in education, followed by privacy and student data security. At the same time, these leaders report that specific cybersecurity in education risks are often underestimated.

These risks and threats are happening as schools simultaneously provide more online services (particularly during the pandemic), while facing bandwidth limits and budget constraints. In addition, 61% of districts said they were not prepared to provide remote technical support to students and families.

MSPs with clients in the education sector are uniquely positioned to help support these customers as they face mounting remote learning and online services requirements. MSPs can help secure educational networks and do so in a way that allows districts to make the most of their limited IT resources and budgets.

Underestimating the Threat

The report highlighted how many educational institutions have underestimated cybersecurity risks. When asked about perceived risks, most respondents (84%) did not rate any threats as high risk. Phishing was the incident type perceived as the greatest threat, but just 45% rated it as a medium/high or high risk. Even more distressing is the fact that 59% of districts did not have a cybersecurity plan.

According to the report, more than three-quarters (77%) of districts do not have a full-time employee dedicated to network security. Instead, most districts spread that responsibility across multiple positions. Additionally, roughly one-third rely on embedded network security monitoring, while 6% outsource this function.

How MSPs Can Help

There are several ways MSPs can help clients in the education sector address these issues. First, because the nature of specific threats is underplayed, training is critical for IT staff, as well as for educators and administrators. According to the survey, just half of districts require training for all staff, but 18% plan to do so. MSPs can aid these efforts by providing training for all stakeholders on current security threats and best practices, using phishing simulations to identify staff requiring additional training.  Click on Page 2 to continue reading…