3 minute read
Expert Panel: Cyber Security
by PSI Media
EXPERT PANEL
CYBER SECURITY
Education settings have a wealth of personal and financial data that is valuable to cyber criminals. But often, schools don’t have the time, know-how or resources to adequately protect themselves. We ask our expert panelists why schools need to become more savvy in this area, as well as what a robust cyber security policy or management plan should include
Russell set up the business to provide services to new and existing clients as well as act as a leader, mentor and coach to the team delivering voice, mobile, data, IT, security and energy products to the B2B market. All whilst holding up their core business values and building their brand and reputation along the way.
Obsessive about imaging quality, Matt works with a range of different partners on a B2B and C2B level, striving to ensure that their market leading hardware can deliver the best possible user experience for their customer base.
Paul Day, technical director, Filestream
As technical director, Paul has personally set up document management software systems for a number of schools and colleges, so he understands the challenges, barriers and processes within the education sector. With over 26 years of experience in the document management sector Paul is very conscious of the importance of data protection and security and is a certified EU GDPR practitioner. E
According to last year’s Department for Education Cyber Security Breaches survey, 84 per cent of 49 primary schools had experienced a phishing attack in the previous 12 months. Meanwhile, 86 per cent of 91 secondary schools suffered from the same type attack. These figures are high and demonstrate that education settings are desirable targets for cyber criminals.
Our Panel of Experts is comprised of Paul Day, technical director of Filestream, Russell Clarke, managing director of Cloud Voice and Data, and Matt Smith, channel development manager at Fujitsu PFU (EMEA). All with specialist areas, they work as a group to help education settings protect themselves from cyber attacks. We asked them about the types of cyber crime that schools can fall victim to, as well as the solutions to protect themselves.
What type of data do education providers hold that would be of interest to a cyber criminal, and why is it so important to protect?
School systems are a treasure trove of valuable and ransomable information. Schools and universities house extensive personal data on faculty, students, and alumni, the type of information cyber criminals dream of capturing. Their key aim is to alter or infect data for their selfish interests.
What are the most common type of cyber attacks on primary and secondary schools?
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.
But one of the greatest cybersecurity threats is, probably, human nature.
How important is it for schools to manage supplier-related risks to cyber security?
It is incredibly important to manage cyber risks and part of this is to have regular internal training for staff and students, which is a key driver to keeping risks lower.
What should schools include in their cyber security policies / management plans?
Firstly, they should have a Data Privacy Policy, which provides governance around the handling of corporate data so it is handled and secured properly.
Schools should also have a Retention Policy, which describes how various types of corporate data should be stored or archived, where, and for how long.
A Data Protection Policy states how the business handles the personal data of its employees, customers, suppliers, and other third parties.
What’s more, a school should also have an Incident Response Plan which outlines the responsibilities and procedures that should be followed to ensure a quick, effective and orderly response to security incidents.
How can an efficient document solution improve other areas of the school?
Having documents kept securely in the cloud offers many advantages; firstly, the school no longer needs to hold a paper copy, saving filing space and eliminating the risk of damage and theft. Secondly, the documents can only be accessed by the correct personnel with the right permissions and, every time the documents are accessed, there is a full audit trail of who has read what and what they’ve done with the document. Finally, searching and retrieval of documents can be done instantly, enabling compliance with GDPR and saving time and administration resources. L
FURTHER INFORMATION
www.fujitsu.com www.filestreamsystems.co.uk www.cloudvoicedata.co.uk
