23 December 2020
Ken Galvin, senior product manager, Quest KACE
Cybersecurity effects every industry and this is no different when it comes to the education sector. As we continue to innovative and progress in a digital world, the threats only increase, and cybercrime is a growing challenge for educational institutions. From schools, through to colleges and universities – every educational department can be at risk of a cyberattack. 
One of the many challenges is managing endpoint security. As smartphones, tablets and laptops made their way into the classroom, the risk of a data breach increased. In addition, the greater risk continues to be remote access from teachers and students hitting the network from home - and the current global pandemic has catapulted this challenge with IT admins now managing a complete remote working environment almost overnight.
Campuses and schools of all sizes suffer breaches that can put important funding and donor information in danger. Student privacy about class enrolment, last names, home addresses and other sensitive personally identifiable information can also be put in jeopardy. Any data which provides personal information is a gold mine for cyber criminals. Schools and universities often also hold information on next of kin and other family details – all of which is invaluable. In fact, a higher education institutions recently reported 118 successful cyberattacks within a six month stretch, accounting for 13% of all breaches, making higher education the third-most-targeted sector behind healthcare and finance.
Cyber criminals will often look for a way to exploit vulnerabilities to gain entry into the network. The challenge is with more connected devices there is a growing number of access points. The proliferation of technology has always heightened the risk of an attack, but today almost every employee and student has had to work remotely during lockdown – all of these devices and access points need managing. This has also come at a time when IT departments are stretched and have limited insight and control. If you allow Bring Your Own Device, everything from Wi-Fi connections, to user passwords, and in some cases, patching is now outside of the immediate control of IT. And every device using the network is a possible attack vector.
Before the pandemic hit, educational bodies were starting to look at how best to implement bring-your-own-device policies and some departments had processes in place. But even the most prepared IT teams have not been able to handle the significant surge that the pandemic has brought. The increased adoption of remote devices means that fundamentally IT teams now have less visibility into the devices connected to the network, there are more potential weak access points for cyber criminals and therefore less control and security. The bad guys will also be looking to take advantage of the current lack of control caused by a sudden flood of unknown devices hitting the networks from practically endless amounts of unknown places. In addition, this is a long-term challenge, even when we start to see the transition back into the classroom, there will still be a significant uptick in the number of remote devices.
Keeping track of these new devices, platforms, applications and technologies can seem overwhelming – especially in light of the pandemic. So how can IT departments overcome what feels like an impossible task? Many IT teams spend too much time firefighting, worrying about the risks of security breaches and are stretched too thin. This leads to a greater risk of missing vulnerabilities. IT administrators need to have the bandwidth and ability to be proactive, keep up-to-date with the latest technology, and get involved in technology planning and decision-making to mitigate cyber risks. It really boils down to understanding what devices are connected to the network and ensuring IT teams have full visibility, to decide whether to use mobile, modern or traditional device management tools.
Once IT departments have gained the much-needed visibility into remote devices, it is easier to control potential weak spots. Cybercrime is not going away, so it is important to safeguard and reduce any potential risks. This can be done through inventory management, ensuring each remote device has anti-virus software deployed and automating patch management and vulnerability scanning. Whether remote devices are corporate owned or personal, each one is an access point that IT departments need to protect against.
If IT teams can easily track inventory, manage and secure mobile devices accessing their campus/school networks then they will be in a far better position to bolster cyber security. By using automation, IT administrators can also remove a lot of the leg work, with the ability to locate or wipe clean devices that are lost or stolen. Automation can also provide the added ability to save pre-configured settings for easy deployment. This will not only give users a quick and easy set up, and ensure the correct access is granted but it will save IT departments from being inundated with simple set up requests. Not every student or staff member is tech savvy and one of the common challenges we have seen during the pandemic is that stretched IT teams are now been pulled even further with requests to help set up devices.
Fundamentally any endpoint from cameras, through to USB sticks or iPhones and laptops can all pose a security challenge. We cannot avoid the rise in remote devices making their way into the classroom, but IT teams can start to secure the network by ensuring they have visibility. In addition, automation is going to be critical in enabling IT teams to meet the ever-intensifying challenge of endpoint management. Those departments that can monitor and have insight into remote devices across their network will be in a fair position to safeguard against cyber security threats.
