Hybrid and remote learning models have exposed the education sector to a plethora of attacks that exploit unmanaged and unsecured accounts. Steven Hope, CEO, Authlogics, shares his take on how the education sector can better protect itself from growing threats through the right authentication strategies without compromising the learning experience.
The swift move to remote learning due to the COVID-19 pandemic drastically affected the education system. Teaching and learning were thrown into chaos when what used to be packed lecture theaters and classrooms were left empty, and chat rooms and video calls replaced whiteboards and face-to-face teaching.
The speed of this shift put the education sector at risk as everything moved online, often disregarding proper security measures to accelerate the process. Thousands of new accounts had to be created to facilitate online learning, and this number is only set to grow as, in many cases, full-time, in-person teaching has yet to return. Even two years into the pandemic, many institutions, unfortunately, lack the correct cybersecurity rating needed for hybrid work environments. Consequently, these new and vulnerable accounts lack visibility and provide threat actors with easy access to the systems and networks of educational facilities.
The Problem with Unmanaged Accounts
Whether students are physically attending classes or learning online, they have had to (or still need to) create an account to access their online profiles. Platforms such as Moodle or Blackboard require a password, which unfortunately doesn’t provide sufficient protection for an account. What’s worse is that most individuals use the same password across multiple, if not all, accounts. A study by Google in collaboration with Harris Poll found that a worrying 52% of individuals tend to reuse their passwords across multiple accounts, and 13% go even beyond that, securing all their accounts with the same password.
In addition, a 2019 study conducted by Digital Guardians revealed that the average Internet user possesses approximately 90 different accounts, all of which need authenticating. Frankly, this makes it practically impossible to remember all passwords and manage all individual accounts. Because the 18-24 age group makes up the majority of users with bad password practices, educational facilities such as universities are left highly vulnerable to breaches.
With these statistics in mind, if students or staff are reusing passwords across their accounts, a breach of their personal accounts would create a ripple effect, giving the threat actors access to their educational accounts as well. Last year, account compromise was one of the most common attack vectors across the UK education sector.
This creates an issue for education organizations as they store a multitude of personal information on students and staff, including addresses, email addresses, and even credit card details for fees. This not only makes them a target for conventional cybercrime but also poses a privacy issue concerning child protection. In the most sinister cases, this plethora of information opens up the possibility for cybercriminals to create a ‘blank slate’, which means that a threat actor can use a child’s information to create a fraudulent identity for their financial gain.
How Can the Education Sector Protect Itself?
There are some traditional security practices that organizations in the education sector can follow to protect themselves better. One of these is replacing the traditional password system with a form of multi-factor authentication (MFA) that is pattern-based. This creates a solution that provides improved security over passwords and a better user experience by utilizing patterns and shapes rather than letters, numbers, and words.
Additionally, using a password security management system would identify and remediate breached passwords, ensuring that they are all safe and secure and compliant with the latest security regulations.
Ultimately, a passwordless approach would be the safest and most efficient way forward. However, while this is not yet a reality, MFA provides the most secure practice for safe authentication. Seeing as hybrid and remote learning is set to continue, educational institutions must implement efficient and secure authentication as soon as possible. Threat actors will continue to exploit unmanaged and unprotected accounts for their benefit, which is why it is so crucial to put barriers in place to stop them from accessing networks and confidential information.
Do you think going passwordless is the next step in securing the education sector? Share with us on LinkedIn, Twitter, or Facebook. We’d love to know what you think!