There has been a lot press recently about cybersecurity issues affecting Australian institutions, especially those which hold sensitive information.
The Federal Government has encouraged all organisations to take precautions and implement technical defences to protect themselves. Through a dedicated website, it offers advice tailored to organisations of all kinds.1
Education institutions are far from immune to such issues. Fortinet, a leading player in cybersecurity globally, pointed out in May that the education sector is actually becoming a preferred target.2
Closer to home, the Office of the Australian Information Commissioner has stated that the private education sector is currently the fourth-largest victim of data breaches.3
The reasons for this are not difficult to identify. Schools hold highly sensitive data points for staff, parents and students. At the same time, many schools have done relatively little to secure networks and data.
Quite understandably, too, most of those working in the sector are only broadly aware of the security risks that 24/7 access can bring (especially with little to no supervision).
During last year, the parents of students at one Western Australian private school were advised “to treat every email as suspicious, monitor accounts closely for strange transactions, and contact their banks for advice on money protection”.
The school involved had been the target of a “sophisticated and automated” 4-day cyber-attack resulting in confirmed data breaches. In short, it was every school’s nightmare.4
Perhaps as alarmingly, Year 5 students at a Queensland school during the Covid-19 lockdown were shown pornography when at-home lessons using Zoom were hacked.5
Fortinet states: “Hacking has become much more sophisticated and lethal. More than half of all attacks are managed by cybercrime organizations that are better organized than most companies.”6
A percentage of breaches, however, come from proficient amateurs. School students have been known to breach security to alter grades or attendance records.7
Any policeman will tell you that if someone really wants to break into your house, it’s going to be very hard to stop them. But what you can do is upgrade protection to increase the likelihood that miscreants look somewhere else.
The same applies to looking after school’s online environment. The key to this, as with your own health, is education and prevention. It’s important to train your school staff on how to recognise and avoid the most common online threats (scams, phishing,ransomware and malware and so on).
Massimo Galardi, Digital Services Director at Next Learning, also emphasises the need to review school systems to prevent or mitigate damages.
“As risks increase, so also the burden on schools increases,” Galardi says. “That’s making it cost-effective for schools to outsource expertise in the area.”
Next Learning offers consultancy services and free assessments of school websites. It has recently launched a suite of web care plans, which ensure back-up and enable your provider to take care of security issues for you.
To find out more call 1300 457 122 or email firstname.lastname@example.org.
- See www.cyber.gov.au/acsc/view-all-content/advice.
- Fortinet white paper, ‘Mapping the Ransomware Landscape: Understanding the scope and sophistication of the threat’, 29 May 2020, at fortinet.com/content/dam/fortinet/assets/white-papers/WP-Mapping-The-Ransomware-Landscape.pdf
- Geraldton Guardian, 20 June 2019
- ‘Coronavirus Australia: Queensland school children shown porn in hacking of Zoom online classes’, 27 April 2020, at 7news.com.au/lifestyle/health-wellbeing.
- D.J. Pereira dos Santos and J. Walker, ‘Key Takeaways from Years of Battling Cyber Threats’, Fortinet blog, 22 June 2020 at fortinet.com/blog/industry-trends.
- See, for example, J.R. Young and T. Wan, ‘A Bored Student Hacked His School’s Systems: Will the Edtech Industry Pay Attention?’, 10 September 2019, at https://www.edsurge.com/news/2019-09-10.