The state of cybersecurity in Australia’s education sector

Introduction
Cybercriminals only grow smarter as time goes on, and it seems that no one – no individual, company, or government – is ever prepared for the latest attack. Unfortunately, Australia is no different.

Australia shares a troubled history of cyber-attacks, from data breaches to state-sponsored attacks. And these attacks have only worsened since the move to remote working in response due to the pandemic. But how big of a threat are these attacks? Better yet, what cyber-threats threaten Australia’s education sector?

The cyber-threats plaguing Australia

Data breaches
Data breaches affect every rung of the ladder, from the principal to the teachers to the common student. In data breaches, cybercriminals leak and/or steal personal information. We see data breaches occur all over the world, but Australia seems to be receiving the brunt of it.

A study done by Barracuda Networks indicates that 36% of organizations in Australia has suffered from at least one data breach since the move to remote working, so it’s clear that the threat of data breaches looms over the education sector.

Phishing attacks
The same study by Barracuda Networks also indicated that 45% of employees have experienced email phishing attacks since the move to remote working. Phishing email attacks being, of course, the process of cybercriminals sending out emails to people in order to extract personal, financial, or confidential information.

Thousands of people fall for phishing attacks every year, and the education sector is no stranger to phishing. It’s imperative that faculty and students both be on the lookout for potential phishing attacks.

State-sponsored threats
The spread of technology the past two decades has allowed not only cybercriminals to cause chaos, but businesses and governments themselves as well. These threats are known as “state-sponsored attacks”, and Australia is no stranger to this type of attack.

It was only earlier this year that Prime Minister Scott Morrison announced that a nation-wide cyberattack was being considered as a state-sponsored attack, being careful not to reveal who. This attack affected many of Australia’s industries, including the education sector.

5 ways for teachers and students to protect themselves 

Use a VPN
Many schools use unencrypted networks to allow both students and faculty use of the network for lessons. Unfortunately, unencrypted networks are security hazards, and it wouldn’t take much for cybercriminals to work their way into the network.

Encrypting a network is easily done, however. A VPN will encrypt any data devices sent out, especially if included in a router, by hiding the IP address(es) and routing the data through the VPN’s servers.

Use two-factor authentication
Unsecured accounts represent an “in” for many hackers, so it’s vital these accounts are protected. This is especially true if your school uses an online system to grade, check work, and/or allow students to view their assignments and grades.

Two-factor authentication allows accounts to be protected through phone and email along with a password. This way, hackers won’t be able to crack a password and have full access.

Subscribe to secure email services
Secure communication is vital when discussing students, their grades, and their performance – all of this can be considered vital information. This is why faculty should subscribe to one, secure email service.

Many secure email services exist, so it’s just a game of choosing the right one for your needs. These email services encrypt email communication and allow for stronger security than basic services such as Gmail.

Install account breach monitoring software
Certain services allow businesses and schools to monitor for any suspicious activity and compromised accounts. These services, known as account breach monitoring programs, promise quick, thorough detection for all accounts covered with the software.

Educate students and faculty on cyber-etiquetteMany cyber-attacks happen due to user error; somewhere in the network was a backdoor that could have been prevented with routine maintenance or proper setup. This is why you should educate yourself and anyone you can during the day about how to practice proper cybersecurity.