Ransomware and Collection of Sensitive Information at Schools – the Amount of Data Concerns in Education is Growing.
According to Sophos’ State of Ransomware 2023 report, the education sector faced a significantly higher impact from ransomware compared to other sectors. Based on survey data from over 3,000 IT professionals, the report revealed that 66% of organisations experienced a ransomware attack last year. In the PreK-12 sector, the percentage rose to 80%, while higher education closely followed at 79%. Financially, organisations that did not pay the ransom incurred an average data recovery cost of $375,000, while those who paid faced double the cost at $750,000. You can find more highlights from the report described by David Nagel in his article.
In the education sector, collecting students’ data is another growing concern. Over the past four years, the number of ed-tech products used by schools each month has tripled, surpassing 1,400 tools. Unfortunately, these companies often mishandle sensitive student information, with 96% of apps used by U.S. educational institutions sharing data with third parties, including advertisers, without proper knowledge or consent. Read more about the data collection worries and the progress on preventive solutions.
Cirrus places great importance on information security, and our ISO certification ensures that we continuously improve and stay vigilant in the face of future data security threats. How? By prioritising data security awareness throughout Cirrus: We regularly train all employees in new data security best practices, and how to prevent, mitigate or respond to potential threats. Most importantly, we continuously check that everyone adheres to these best practices during the course of their work.
How to Enhance Your Digital Security: 7 Essential Steps
The importance of the human factor in digital security cannot be overstated, as anyone within an organisation can potentially become its weakest link. In order to safeguard your professional and private assets, we would like to offer some valuable tips to enhance your digital security.
- Updating your devices
Keep all your devices up-to-date by enabling automatic updates and applying available updates promptly, particularly in response to vulnerability alerts.
- Storing data
Utilise cloud services to store your data securely, which is also preferable to keeping paper documents. If you must handle printed materials containing highly confidential information, ensure they are thoroughly shredded before disposal. Limit the retention period for customer data to what is necessary in your organisation, and use specialised programs to wipe files from your devices securely.
- Sending data
Be cautious when using email, as it is not inherently secure, and open attachments only after verifying the email’s validity. Always report phishing attempts and ignore chain emails. Avoid sending sensitive information without employing strong, password-protected encryption. In addition, encrypt files containing sensitive information both during transmission and storage. Ensure that all your devices employ strong encryption on their hard disks.
- Presenting your screen
Be careful while presenting your screen during online meetings. Share only a tab or window containing the meeting content to prevent exposing sensitive data. Additionally, close email and messaging applications, or disable notifications during the presentation.
- Safeguarding your devices
Safeguard all your devices, including mobile devices, from malware by following these best practices:
  - Avoid storing passwords, keys, and tokens in plain text.
  - Utilise a secure Parameter Store, such as Vault.
  - Implement two-factor authentication.
  - Install device management software to maintain control over your devices.
  - Always lock your computer screen, even during short absences like lunch breaks.
- Working remotely
Ensure privacy while working outside the office by preventing strangers from viewing your screen. Avoid using public USB ports for charging and do not permit “data connections”, as these can be used to transfer data between your device and the connected port. Malicious actors may use techniques like “juice jacking” to steal your sensitive information or install malware onto your device.
- Social networks
Recognise the potential risks associated with social networks, which have become an integral part of our lives:
  - Use strong and unique passwords and avoid reusing passwords across multiple platforms to minimise the impact of a potential data breach.
  - Add an extra layer of security with two-factor authentication (2FA): enable 2FA for your social network accounts whenever it is possible.
  - Accept friend requests or establish connections only with individuals you know and trust. Be wary of suspicious profiles or requests from unknown people or companies, as they may be attempts to gather personal information or engage you in fraudulent activities.
  - Review your friends or connections list regularly and remove any unfamiliar or suspicious individuals and organisations. This helps to ensure that you maintain a network of trusted connections and reduce the risk of potentially malicious activity.
  - Check and customise the privacy settings on your social network accounts regularly. Limit the visibility of your posts, personal information, and contact details to trusted connections, and choose who can view your profile and posts.
  - Be cautious when granting permissions to third-party applications that request access to your social network accounts. Review the permissions they request and grant access only to applications from trusted sources.
It is crucial to report any security incidents to the designated person responsible for cyber security in your organisation.
In conclusion, enhancing your digital security is of utmost importance in today’s world, considering the rising threats of ransomware and the growing concerns surrounding the collection of sensitive information, particularly in the education sector. Following the guidelines above will go a long way toward shoring up your organisational and personal digital security.