Cyber Security in Education

Universities, colleges, schools and other educational institutions collect vast quantities of sensitive information such as student records, credit card details, academic transcripts and research data, which they have a legal and ethical obligation to protect.

As attacks become increasingly targeted and well-funded, many organisations within the educational services sector can struggle to adequately protect themselves.

Common cyber security challenges faced by the education sector include

  • •   Protecting large, decentralised and fractured IT estates
  • •   Juggling conflicts between academic openness and information security
  • •   Balancing tight budgetary pressures and competing educational priorities
  • •   Mitigating a rise in cyber-espionage and DDoS attacks
  • •   Complying with PCI DSS, the GDPR and other data security standards
  • •   Overcoming a lack of in-house security skills and resources
Key security questions for education providers
  • •   How often are networks and applications tested for vulnerabilities?

  • •   Are suitable controls in place to prevent sophisticated threats?

  • •   Are systems able to identify threats that bypass the perimeter?

  • •   Is there a plan in place to detect, remediate and report breaches?

  • •   How regularly are systems backed up to mitigate ransomware?

  • •   How is staff and student personal data processed and protected?

  • •   What systems and controls are in place to mitigate insider threats?

  • •   Is payment processing PCI DSS compliant?