Check out the most common data security errors schools and colleges make…and how to prevent them!
"After Healthcare, Education is the most targetted industry by cyber criminals"
Verizon 2021 Data Breach Investigation Report
This year alone, 75% of Irish organisations experienced cyber attacks. The recent ransomware attack on the HSE has highlighted just how easy it is for cyber criminals to gain access to an organisations’ data, causing distress and leaving vulnerable people’s sensitive information in the wrong hands. But what can schools and colleges do to prevent this?
Having spent the past 20 years securely setting up and managing the Office 365 platforms of hundreds of schools and colleges to prevent cyber attacks, the same security weaknesses present themselves time and time again. In this blog I outline the key security risks all schools and colleges should be aware of with the steps needed to prevent data and security breaches from taking place.
See how secure your school's cloud platform really is!
Our engineers have created a school security survey to allow schools to assess which areas they most need to focus on. Click here and take 1 minute to complete this short survey:
Created by our school engineers based on the most common school security issues, download our School Security Top Tips.
School Security Risk Number 1 – Not Configuring the School’s Communication and Collaboration Platform
Office 365 gives schools great features and functionality for communication, collaboration and teaching and learning but, like any cloud-based system, it needs to be securely configured to ensure that students and staff are working in a safe environment.
The main areas to focus on are email and collaboration solutions such as Microsoft Teams and Microsoft OneDrive. These are the services that are most at risk if not correctly configured and are constantly being updated with new features and functionality that many schools are not aware of.
One school in the south-west of Ireland contacted Wriggle Learning after students had shared a link to one of their class meetings on social media. Several external people then used the link to join the class meeting and caused disruption before the teacher was able to remove them. We worked with the school to configure their meeting options and policies to ensure that all teachers had complete control over the people joining their online classes and to put procedures in place to prevent this from happening again. This emergency response was completed within the same school day and all staff and students were protected within hours of the original incident.
Unfortunately these kind of disruptions have been all too common in schools over the past 18 months but luckily there are some simple steps schools can take to prevent this:
Wriggle’s cloud service team have put in place and managed the Microsoft Teams policies of hundreds of schools to ensure that only students can access their class meetings and that Microsoft Teams is a safe, secure, and reliable environment in which to communicate and collaborate with staff, parents and students.
Talk to one of our experts today to see how we can assist your school with securely setting up and managing your school’s Microsoft Teams and OneDrive accounts.
Security Risk Number 2 – Not Securing School Email Accounts
Phishing attacks are responsible for 93% of all cyber attacks. These attacks generally happen via email and can leave schools and colleges wide open to all of their credentials and personal data being stolen or leaked.
In another school that our team encountered, a student email account was phished and was used to relay spam mail to hundreds of external contacts within the school community. This caused a chain reaction where the recipients responded to the spam mail, causing more and more accounts to be compromised and leaving the school significantly exposed. Wriggle Learning’s engineers traced the original attack back to its source, locked down all exposed accounts and retrieved the situation within a few hours of the original breach. Policies were then put in place to strengthen defences to phishing attacks in the school to ensure that a similar event would be prevented in the future.
In the case of this and other phishing attacks on schools, the key steps our engineering team took were to:
Not all types of anti-spam software prevent phishing and other attacks on school accounts. If you’re not sure whether your school’s security software protects your school accounts sufficiently, talk to one of our experienced engineers today.
Key Security Risk Number 3 – Not Configuring the School’s Data Sharing Options
Schools have access to the personal data of every family and staff member within their school community, including financial, medical or psychological information on many students. Not all staff need to have access to this information and yet many schools have no policy or settings put in place to separate school data and ensure that it cannot be shared by a third party.
To secure a school’s data sharing options, the Wriggle engineering team take steps to ensure that:
This blog highlights just three of the most common security risks encountered in schools each year. For further information on how to ensure the correct settings are in place in your school or college to prevent data breaches or cyber attacks, download our Education Engineers' Top Security Tips for Schools and Colleges.
See how secure your school's cloud platform really is:
Fintan is the Cloud Services and Office365 Lead at Wriggle Learning. With over 20 years’ experience delivering software solutions for teaching and learning, Fintan helps customers securely setup, manage and get the best use from the Office365 suite and Cloud Services for education.
Is your school’s Office 365 platform set up safely and ready for the new academic year?
Talk to one of our experts today to get your school’s security settings in order.