How principals can fight back against cyber threats


Technology now underpins virtually every sector and education is no exception.
 
Digital devices are playing an increasingly big role in teaching and learning, and for better or worse, they’re not going away any time soon.
 
However, with the proliferation of new technologies into schools come risks that can have a significant impact not just on the school itself, but everyone in it.
 
Steve McEwan – IT Technical Services Manager at the University of Technology in Sydney (UTS) – told The Educator why principals should pay close attention to such threats, and suggested some ways in which they can better prepare their schools to deal with them.
 
UTS consolidated its IT infrastructure with help from F5 Networks, at the beginning of this year to improve the way it both manages and protects the data it stores.

F5 Networks was able to help UTS consolidate its network using solutions such as Local Traffic Manager, Global Traffic Manager, Application Security Manager and Access Policy Manager.

McEwan said the new system was inspired by UTS’ desire to be ahead of the curve when it came to guarding against ever-increasing cyber threats, such as hacking, spyware and ransomware.
 
“One of the biggest things under threat is schools’ reputations. If you have a hacking incident, it has a massive effect on the school’s reputation, and so principals must make sure their data is protected,” he said.
 
“Geo-blocking is something schools can look into. If you have a country you wouldn’t expect to get traffic from normally, tools like F5 can allow principals to block IP addresses from that country so potential threats are neutralised.”
 
McEwan added that attempts to circumvent schools’ online security software have become more sophisticated in recent months.
 
“The risks are certainly huge, and what’s also concerning is that they’re changing. Every month we see a greater level of sophistication in the ways people are using the Internet to attack schools,” he said.
 
“Principals have to be increasingly flexible and mindful in light of these threats, because the people that are engaging in these attacks are often highly intelligent and want to be one step ahead of the efforts being taken to counteract them.”
 
However, Susan McClean, director of Cyber Safety Solutions, told The Educator that many schools “are mostly oblivious” to these online threats.
 
“They often rely on their governing organisation or an outsourced company to sort it all out and assume it is done. There is little understanding by principals of the risk or how to manage and minimise,” she said.
 
“Principals need to be aware and educated about the real risk and have a good understanding of the online environment.”
 
McLean added that when there is outsourcing of an ICT – or even with an internal IT manager – there must be ongoing conversations about risk, perceived and/or real, processes to prevent and what to do if there is an issue.
 
“Running a problem on the fly won¹t work. You should have a known process in place in case of an issue,” she said.
 
When it comes to mitigating cyber risks, McClean said schools hold a vast amount of information about student, staff and parents which can be useful.
 
“Also most schools have an online payment system so that would be vulnerable to those wanting to steal bank details. There is also the simple risk of stuffing up the school intranet just to upset the school,” she said.
 
“I have seen students access school systems with regularity and often access staff emails and other online files.
 
“I had a Year 8 boy a couple of weeks ago tell me he had accessed the school system which was managed by a well-known external company. When I asked how he did this, he said he found a file called Updated passwords and in it was every password to the whole system.”