South Africa is the third most targeted country globally when it comes to cyber attacks and while private companies and government organisations are often in the spotlight, the severity of the threat is no different for the education sector. Institutions of learning must take several steps to mitigate against these threats, failing which they risk becoming soft targets for cyber criminals.
The country’s universities, colleges and schools are a mining heaven for cyber attackers as these institutions store confidential data of several stakeholders, including staff, students and their parents/ guardians. This includes ID numbers, contact details, addresses, parents; banking details and more. Increasingly, cyber attacks are targeted at people and not the IT systems themselves, with the most common threat being phishing attacks distributed through emails.
During the Covid pandemic and resulting lockdowns, local Technical Vocational Education and Training (TVET) colleges were forced to make more online systems available for students in order to ensure that learning and teaching continued and the academic year was salvaged. Post-lockdown, the Department of Higher Education and Training (DHET) has called on all learning institutions to move toward a blended learning environment – an educational model that combines traditional in-classroom learning and remote online lessons. This in order to ensure that all students can continue with their studies even during disruptions.
This has seen the security risks increased immensely, not only because education institutions have more data online, but because we now also have thousands of student devices that are connected to the institution’s campus IT infrastructure. With hacking tools and guides freely available online, the administration systems of colleges are vulnerable to attack without a well-thought-out and implemented cybersecurity strategy.
7 ways to improve security
While the threats are not unique to South Africa, unless local education institutions decide to take action, they will end up as soft targets. Here are 7 ways in which colleges can improve their security:
- The first step to addressing this challenge is to create awareness among all stakeholders, especially students, lecturers and staff. This can be done by including cybersecurity training in institutions onboarding training. Such training is not only beneficial for the education institution, but is also extremely beneficial for the participants to practise safer behaviour online even in their personal lives. An effective way to improve user training and to test for vulnerabilities against new threats can be through various attack simulation training.
- Training should also consist of making the participants aware of relevant regulations such as the Protection of Personal Information Act (POPIA) – what it entails, how it applies to them, how to ensure compliance and what the penalties for failing to adhere to the act are.
- Most educational institutions in South Africa have a good working relationship with Microsoft and make use of the Microsoft 365 platform. As such they should leverage the many tools that are present within the company’s offering, such as security and compliance manager, in order to address some of these vulnerabilities.
- With growing instances of phishing and social engineering attacks aimed at compromising people’s passwords, multi factor authentication (MFA) is now a fundamental and non-negotiable feature that needs to be implemented for all users with access to any of the institution’s systems and infrastructure. With MFA, users need a phone number or authentication app connected to their username and password; every time they sign into the institution’s systems, it will send them a code that helps them verify that it is in fact them who are signing in at any given time.
- Making use of a feature called Single Sign On (SSO) ensures that all of the institution’s systems use the same authentication methods and level of security while also making life easier for users as they only have to remember one username and password to sign in on any system.
- Artificial intelligence (AI) and machine learning (ML) technologies have become critical to today’s information technology by removing the human factor – but in a good way. They can analyse and identify millions of events and threats in a fraction of time as compared to humans. In addition, they learn over time and build profiles on users, assets and campus infrastructure, allowing AI-enabled security solutions to detect and respond to activities that are identified as outside the norm.
- In the longer term, colleges can look at implementing a well-thought-out cloud infrastructure strategy, where they start relocating some or all of their data to a cloud data centre. Not only does this add further layers of cyber security, but it also contributes to improving physical security as institutions no longer have to worry about the safety of their IT infrastructure, loadshedding or even occurrences such as hardware failure.
Ultimately, education institutions should strive to build a strong security culture that focuses on how people – be it students, lecturers or admin staff – respond to actual and simulated threats, as well as to understand how these very stakeholders feel about the college’s cyber security culture and how they fit in it.
Technology continues to move at a swift pace and quickens year after year, making it a substantial taks to stay current in all aspects of information technology while still focusing on why your organisation exists. Fortunately, the solution is as simple as partnering with an industry expert – not only in IT but also education – is integral to ensuring that your organisation is secure, stays at the forefront and is supported in its digital transformation strategy.
Is your TVET college looking to improve its cybersecurity posture? Contact VastraTech today.