Covid 19 changed a lot of things for us. Driving a drastic shift at the most fundamental level, the pandemic and the lockdown that followed – influenced how we work, shop, and even celebrate life events. One other area that saw a major change was how our children accessed education and learned.
With growing concerns about the spread of the virus, schools and educational institutions needed to innovate quickly to reach every student, no matter where they were located. At the same time, we also saw a quick rise in the number of direct-to-customer Edtech platforms, with several innovative ideas aimed at making learning fun, engaging, and helpful – even in the remote setup.
As the educational sector tries to cope with the day-to-day hustle of bringing learning to every doorstep – there is one aspect that is easy to lose sight of. The most vulnerable of us all – children – could be exposed to threats in this digital space as well. In a recent data breach targeting the Edtech platform, Unacademy, personal data of over 20 million students was exposed. It was later found that the information was offered for sale on the dark web for as little as USD 2000.
While on one hand, these numbers in themselves seem overwhelming – what is scarier is that the data included details of school-going children, who could easily be targeted by attackers. Ranging from benign advertising and marketing campaigns to phishing attacks and identity theft – this stolen information could be the source for several types of vicious proclivities.
What types of attacks?
The sudden and blanket shift to remote learning across schools, locations, and age-groups has suddenly opened up several loopholes across the educational infrastructure. Some of the common types of attacks that have been witnessed include –
- Phishing attacks: While they’re digital natives, children are still prone to fall victim to phishing attacks where the attacker disguises a fake email or notification to look like a real one and collects private information. These kinds of attacks are very common on Edtech platforms as cybercriminals take children to be easy targets.
- Ransomware attacks: By gaining complete control over Edtech platforms, and demanding a ransom to hand control back to the owner – cybercriminals have been able to corner educational institutions by threatening to undermine the reputation of their business if they do not pay up the ransom. As they need to continue delivering lessons online for the sake of their students, educational institutions are compelled to give in to these outlandish ransom demands, or else they risk a complete shutdown.
- Data breaches through unauthorized access: Launching direct attacks on the school databases and digital infrastructure, malicious parties gain access to personal and private information of their students, staff as well as parents. This information could not only involve identity details but also financial data relating to payments made to the school. Such data could further be used to launch several kinds of attacks including identity and monetary theft.
How can Edtech platforms, schools, and educational institutions stay protected?
The first step in protecting your data, infrastructure, and students from cyberattacks is to acknowledge this very real threat and the fact that no organization is too big or small to be targeted.
Next, every educational institution that delivers any amount of digital learning to their students should prioritize cybersecurity as a core-investment, and not just an expense.
- Embrace technology: Investing in cybersecurity is an organizational need, not just an expense. The future of your organization and the safety of your students depend on building a robust, secure environment where they can learn with confidence.
- Work with an expert partner: Cyber-threats evolve by the day. It is important to partner with a cyber-security expert, such as Entersoft – to envision and build a strong cyber-defense methodology that not only keeps you abreast of the latest threats, but also helps stay ahead of the curve, and preempt attacks even before they occur.
- Build a cyber-response strategy: While it is crucial that you have a mechanism to prevent attacks in place, it is still possible that an attack occurs. In that event, it is critical to the continuance of your organization that you have a quick-response mechanism in place that will ensure that the damage because of a cyber-attack is minimized, and the infrastructure doesn’t crumble under the pressure of an attack.
- Foster a culture of cyber-security and awareness: At the foundation of all this, is the need to adopt a culture of security – where every student, teacher, and support-staff member is adequately informed about the possibility of a cyber-attack on a regular basis and is trained to identify an attack and report it, as soon as they notice an anomaly, especially cases such as phishing and spear-phishing attacks. They must be trained to stay vigilant and support the cybersecurity efforts of the organization, for everyone’s well-being.
While we have seen high volumes and a variety of attacks targeting educational institutions and Edtech businesses in the last year, the worst is not yet over. Threats continue to evolve both in complexity as well as numbers – and the year ahead is going to be a challenging one for organizations in this space.
This doesn’t mean you should panic. But, it is urgent and important to systematically invest in a strong cybersecurity system as well as into fostering a culture of cybersecurity amongst the younger generation. It is our responsibility to provide a safe and secure environment for our children to study, learn, and grow up in – in the physical world as well as the digital world. And the efforts need to begin today.
Do you work with an educational institution or Edtech business, and want to explore the right cybersecurity strategy for your organization? Write to us at [email protected] and we could help you keep your students secure.