WatchGuard Blog

81.65% of cyberattacks target schools, how can we make sure hybrid education is secure?

Accelerated digitalization due to the pandemic and the need to adapt quickly to distance learning made schools the perfect target for cybercriminals. Moreover, compared to universities and based on disadvantages in terms of available technology and skills, primary and secondary education was even less prepared to meet the new security challenges posed by increased exposure and heightened risks.    

Cybersecurity industry analysts state that education is the most vulnerable to cyberattacks as 81.65% of malware-related incidents reported in the last 30 days have come from this sector. While it is true that data security is a priority for all sectors, in education it is particularly important to protect sensitive information and user privacy, such as the personal information of students, their families and staff on the full range of devices used.  

Given the landscape in which schools currently operate, where in-person, virtual and personal device-based learning is enabled, what are the main cybersecurity risks affecting this sector? 

  • Ransomware  
  • Data breach 
  • Phishing 
  • DDoS (distributed denial-of-service) attacks  
  • IoT vulnerabilities 
  • Doxing (cyberbullying) 
  • Domain spoofing 
  • EOL (end-of-life) software 

Cyberbullying, a security threat? 

According to UNICEF figures, globally 33% of children between the ages of 12 and 24 have been victims of cyberbullying. Although cyberbullying is not categorized as cybercrime, sometimes that line can be crossed. In more malicious cases, this type of bullying can turn into doxing when the bully manages to break into the victims' email or social media accounts with the aim of publishing their personal information to embarrass them or using malware to break into their device, gaining access to their location or to sensitive information.  

According to Statista data, 6% of users on online platforms have been victims of hackers and 4% have lost control of access to their devices. This shows that online harassment can also become a digital security threat and must be taken into account. 

As being aware of the problem does not make it go away, it is necessary to educate children and teenagers so that they can protect their online safety and prevent a situation that is already unpleasant in itself from becoming even worse. What steps can they take to minimize the threat of a cybersecurity breach

  • Keep software up to date: companies often include security patches and enhancements in software updates.  

  • Create strong passwords: it's important not to limit yourself to using one easy, repeated password for all the accounts you own.  

  • Be on the lookout for scams: avoid clicking on a link if the source is not clear. In addition, it is important to never give out personal information by phone or text message when dealing with an unknown number or automated call.  

How to achieve hybrid and secure education 

Schools, with the hundreds of students and teachers who must securely access the network from wherever they are, are a very demanding network environment and must be protected. Fortunately, there are a series of actions and tools that help mitigate online risks for educational institutions:  

  • Focus efforts on staff training in basic cybersecurity principles and make sure they understand the need to carry out certain protocols when it comes to data protection.  

  • Appoint a cybersecurity manager to ensure that good practices are maintained, with regular audits and a reporting process in place to flag up any issues or potential breaches. 

  • Install a unified security solution that protects environments, users and devices, is easy to implement and use, and prevents potential attacks at any stage.  

  • Encrypt and back up systems to ensure that data can be recovered in the event of a cyber breach. 

  • Set up secure Wi-Fi networks that use VPN for all Internet connections.  

There are many advantages to digitalization in education, but those advantages can be threatened by poor cybersecurity. Training in this area is important, as is the implementation by IT managers of new solutions that protect users and allow them to take advantage of all the opportunities that technology can provide.