Cyber attacks are increasing in severity and regularity, with the Australian Cyber Security Centre (ACSC) receiving 94,000 reports of cyber security incidents in FY 2022-23. With one attack reported every six minutes, Australians are scrutinising the practices and policies of every business, body and institution they engage with; including the educational institutions they enrol their children with. The national cyber security coordinator warns schools could be a major target in future.
EducationDaily spoke with Vijay Sundaram, Zoho’s Chief Strategy Officer, to understand how educators can better safeguard data.
“Unfortunately, businesses are falling desperately short when it comes to their data privacy policies, protections and communication, according to research from Zoho which found that 44.4 per cent of people surveyed have a well-defined, documented and applied customer privacy policy, while 18.4 per cent either don’t have a data privacy policy, or do, but have never updated or reviewed it,” he says.
Schools are a cyber security target
“It’s important to note that any organisation, of any size, in any industry is a potential target. We’ve seen huge breaches hit the likes of Optus and Medibank in recent years, but a family-run small business is susceptible too. Last year, Australia’s national cyber security coordinator said that schools could be the next major at-risk group, citing lean teams and limited resources. That’s because schools are big enough to have a few thousand individuals or devices connected to a network, but too small to have a full-time cyber security expert.”
Sundaram says the Department of Education has a series of policies and guidelines that govern the school systems’ approach to cyber security, which institutions must be compliant with.
“The guidelines also outline best practises for enhancing cyber security in public schools,” he told EducationDaily.
“Protecting sensitive information about students, staff and the institution itself is very important. Private schools must be proactive. They should enforce strong security measures like firewalls and anti-virus applications to protect the school’s network and devices from cyberattacks. Cyber security is a long-term, always-on focus – but there are many immediate protections schools can implement.”
Utilising AI against cyber security threats
Sundaram says multifactor authentication adds an additional layer of protection when users are logging into their accounts, while “strong encryption protocols helps ensure the security of sensitive student and staff data, and AI can be used to clamp down on phishing attacks”.
“Meanwhile layered permission controls ensure teachers and administrators have different levels of access, thereby minimising the risk of a breach by reducing unauthorised access and containing breaches. “
But although installing the right cyber security protection is vital. he says it’s also important to ensure staff and students are adequately trained to use these applications in order to avoid potential security threats.
“Once the applications are installed, schools must perform regular security assessments of the systems and procedures to reduce the risk of data loss during a security breach,” Sundaram told EducationDaily.
“Finally, schools should implement security features that require users to provide multiple forms of identification to verify their identity. While it’s impossible to fully guard against breaches, by adopting proactive measures, being diligent and promoting best practice, schools can drastically decrease their vulnerability.”
An urgent national problem
He believes cyber security is an urgent national problem that requires immediate action. According to Zoho research, fewer than half (46.2 per cent) of businesses – many in the education sector – said that they know exactly what to do if they fell victim to a privacy breach. According to the Australian Government’s Cyber Security Strategy, one cyber crime is reported every six minutes, with ransomware alone causing up to $3 billion in annual damages.
“Cyber attacks are not a new phenomenon, but they’re growing in severity and regularity,” Sundaram told EducationDaily.
“This is why education is essential, not only about the risks, but about the action they must take to improve their safeguards. Zoho’s research showed that one in four businesses wouldn’t survive the reputational or financial damage of a breach. If that’s not warning enough, we don’t know what is.”
But with Australia grappling with a skills shortage in the industry, with a report from AustCyber forecasting that Australia will need at least 17,000 more cyber security experts by 2026, to manage the country’s online security and remain competitive globally, Sundaram says more must be done at a grass-roots level, as a longer-term focus.
“There’s an onus on many stakeholders, from government policy, to education streams and even the tech industry,” he says.
“Cyber security presents a significant opportunity for economic growth and job creation. The Government’s 2023-2030 Australian Cyber Security Strategy, which aims to make Australia a world leader by 2030, reflects a growing demand for action and a commitment to meaningful change in cybersecurity.”
