Educational institutions that lack safeguards risk falling enrolment, study shows
Toronto/Calgary/Ottawa – September 29, 2022 – With the rise in online learning, a recent poll reveals that more than three quarters (76%) of Canadian post-secondary students surveyed are concerned about cyber safety – up 10% from pre-pandemic times. And the majority (79%) feel their university or college should be responsible for protecting students from cyber attacks. In fact, nearly half (46%) of those queried say it would influence their decision to attend a university or college if the school was known to have experienced a data breach or had a reputation for weak cybersecurity.
Conducted in September by members of the Angus Reid Forum on behalf of ISA Cybersecurity, Canada’s leading cybersecurity-focused company, the study polled 353 university and college students across the country about their views on cyber safety and preparedness pre- and post-pandemic.
“Cybersecurity is the latest challenge facing higher education institutions, with many students putting the onus on their schools to keep them cyber safe,” said Kevin Dawson, President and CEO of ISA Cybersecurity. “Interestingly, 44% of respondents say their school doesn’t provide enough training and resources to help ensure students’ personal information is protected from threats, yet only 49% say they follow the guidelines that their academic institutions do put out.”
The study follows a recent report by IBM Security X-Force that shows the percentage of ransomware attacks against the education sector more than doubled globally, from 10% in 2020 to 22% in 2021.
“With the rise in cyber attacks, it’s understandable that concern about data breaches in the education sector is high,” said Dawson, referring to the survey which shows more than half (55%) of respondents are concerned about their school experiencing a data breach and their personal information being exposed.
“What’s eye-opening is that nearly one in three (31%) students indicated that they’re not confident their university or college keeps their data secure and protected from hackers,” he added, explaining that his organization is collaborating with IBM Security to help protect educational institutions from cyber threats.
“For schools, a large barrier to strengthening their cybersecurity posture often comes down to constrained budgets, which financially-motivated cyber criminals bet on,” said Charles Henderson, Global Managing Partner and Head of IBM Security X-Force. “By pursuing targets with lower defenses, attackers can reap quick rewards and yield a higher return. The extreme added pressure schools experience during a ransomware attack is a profitable wager the bad guys are willing to gamble on.”
Other highlights of the study include:
- Nearly all students surveyed (96%) say it’s important for students to learn about cyber safety.
- Respondents are split as to whether they feel prepared to protect themselves from cyberattacks, with 52% feeling prepared and 48% unprepared. Males (60%) are significantly more likely than females (46%) to feel equipped for a cyber attack.
- About two-thirds (63%) of students surveyed have taken steps to minimize their risk of cyber attacks. These steps include increasing their computers’ security features (70%), following guidelines put out by their academic institution (49%), and reading articles or books on how to minimize their risk (29%).
- While the majority of those queried are taking steps to reduce their risk, one-quarter (26%) say they don’t think twice about providing personal information online to their university or college.
“To effectively protect against the growing threat of cyber attacks on educational institutions, both students and educational institutions must take steps to guard themselves from being hacked,” said Dawson, explaining that efforts by both groups will significantly reduce ramifications in the event of an attack. He offers the following tips:
- Use multi-factor authentication whenever possible. Create strong passwords or phrases, and never re-use passwords: if hackers steal one password, they will try to use it on your other accounts.
- Keep computers and mobile devices updated with new versions of software as they come out. Consider setting your devices to auto-update to avoid missing patches.
- Use a VPN to establish a secure, encrypted channel to protect your data – especially on public Wi-Fi networks.
- Stay up to date on the latest phishing scams, fake websites and other social engineering attacks. Maintain a healthy suspicion of unsolicited or unexpected emails, texts or calls.
- Use the cloud or maintain regular, current backups of your data in case your device gets lost or stolen, or your files become corrupted.
- Don’t over-share information on social media. Pet names, important dates, addresses, and even personal items in the background of a picture can all be used by cyber criminals to guess passwords, develop convincing phishing emails, or steal your identity.
For educational institutions:
- Document your IT policies and procedures, which are essential to set user expectations and acceptable behaviours. Ensure that a tested incident response plan is a key part of your procedure framework so you can respond quickly and effectively in case of an attack.
- Educate your staff and students, and provide regular security awareness training and testing of those skills. People are your first line of defense against many forms of cyberattack.
- Implement multi-factor authentication (MFA). Passwords are not enough – MFA is the single biggest defensive improvement you can make to protect your systems, even if passwords are hacked.
- Maintain robust patch management and backups. Many cyber breaches exploit already-known and fixable vulnerabilities in systems. Use an asset management system to keep track of your fleet of devices and ensure they are always patched and up to date to defend against attacks. If the worst happens, a tested backup of your system may be all that stands between you and a ransom payment.
- Implement endpoint protection. Modern endpoint protection software goes way beyond yesterday’s anti-malware software, protecting you against both known and unknown threat patterns.
- Implement a security information and event management (SIEM) program, which is vital to watch for irregularities on your network that could signal problems – both inadvertent and malicious. Plus, a SIEM is required for cyber insurability and many compliance regimes. Many schools look to business partners to provide 24×7, hosted/managed services.
For more information, and details about how ISA Cybersecurity and IBM Security are working together to help safeguard educational institutions from cyber attacks, visit www.isacybersecurity.com.