Since the new GDPR was put in place earlier this year, data protection has been a popular topic, with huge companies like Adidas and FedEx making the news with devastating data breaches, finally pushing companies and individuals alike to take more care with their sensitive information and educate themselves of the risks that come with working online. However, it seems that educators are falling behind in this area, with half of UK teachers admitting they knew less about IT than their own students, and 26% claiming their school lacked some of the most basic cyber security measures.
The most common causes of data breaches within any sector are human error and cyber attacks. A breach caused by human error is usually a 'simple mistake' due to a lack of IT knowledge, or just a lack of care - an example of this being the Greenwich University breach from 2004 which led to a fine of £120,000 this year after the personal information of nearly 20,000 students was placed online and left unsecured by accident. This information included names, addresses, phone numbers, signatures, and even details of physical and mental health problems. Similar examples from this year include the Rochester School breach, which involved a lost USB stick containing the information of 1,000 students, and on a smaller level the Hillsview Academy breach, which saw a mailroom mix-up lead to the personal details of 100 students being sent to the wrong addresses.
A breach caused by a cyber attack is a bit more complicated, however, as they are often caused by both a lack of security systems or procedures, as well as human error as attackers often rely on manipulating the user into giving away their details or network access themselves. Towards the end of last year hackers began targeting private schools within the UK with weak security systems, using phishing attacks to gather private information that was then used to target parents with convincing invoices, affecting at least 6 different schools.
Complying with GDPR and protecting sensitive student information can easily be done, with just a bit more awareness and improved security systems focusing on more vulnerable areas. Email, for example, is the most common delivery method for cyber attacks, as well as an everyday method of communication for most educators, which of course can include discussions of private information. Altinet's Managed Email Security offers email encryption to keep data protected and completely unreadable without the intended recipient's decryption key, as well as advanced threat protection to combat targeted zero-hour attacks as well as ransomware.