Cybersecurity in education is a priority and a necessity. And it is even more so since digitalization and IT tools have become part of the educational resources at different stages.
Importance is given by the databases and sensitive information handled by the sector itself. And the fact is that educational institutions operate with juicy documentation, which was more accessible during the pandemic, when there was a forced digital transition, without measuring the consequences or maintaining adequate control measures in many cases, sometimes leaving an open door to cybercriminals.
In fact, some sources indicate that hacker cyber-attacks in academia have increased during and after COVID-19 by as much as 300%. As a result, institutions face a triple challenge of training, investment, and prevention.
Cybersecurity in the educational environment and new technologies
With the advent of digitization in the education sector, legislative regulation has become obligatory, which was previously non-existent and unthinkable. Strengthening Internet security is something we do every day in homes and businesses. Still, no one thought it would be necessary to do it in the classroom, let alone legislate it.
Terms such as phishing, computer viruses, backups, cyber-attacks, and centers such as the National Institute for Cybersecurity (INCIBE) are familiar to us in business and at home. Millions of data are circulating on the network worldwide from email servers, social networks, video call tools, banking applications, etc.
Using new technologies has its good side because they provide opportunities for information. Still, at the same time, they pose a risk of intrusion into privacy that used to be more difficult to violate.
Institutions are currently faced with a dual mission in terms of cybersecurity in the educational environment:
- Protect individuals: their personal data, academic history, qualifications, financial data, image, etc.
- Protect information: databases, scientific research, academic studies, statistics, patents, etc.
And if online testing is done, we add a third one: protecting the test against hacking.
Cybersecurity in Information Technology Environments
The new professions that have emerged around technological innovation, and those that are yet to emerge, show a reality to be addressed and a current need. For this reason, in recent years, IT degrees related to IT cybersecurity have been included in the curricula.
We are no longer talking about physical documentation in an office; now, it is a matter of watching over reports hosted in software or the cloud. Specifically, its mission is:
- Recurrently detect and investigate cybersecurity incidents to prevent serious intrusions.
- Create IT security plans and access control and identification systems.
- Analyze the level of security where confidential information is housed.
- To apply the security and privacy policies established by law and the company’s guidelines.
- Ensure the safety of the software or application used by the training entity.
In this sense, we are talking about a technical profile, although we must also consider the GDPR within the academic sector and its correct application.
Cyberprotection in SMOWL
Without going into technical details, our company hosts the infrastructure and data on Amazon Web Services (AWS), for which we must follow the best practices defined by this shared model in terms of Identity and Access Management (IAM), which encompasses aspects such as users, passwords, access levels and restricted access, firewalls, etc.
Working with AWS allows us to guarantee cyber protection and strictly comply with every state legislation on data protection.
We care for and protect the information hosted inside and outside the cloud in compliance with the law and the European Union’s requirements. Thus, the low volume of data we store is stored on European servers. And when we say low volume, we mean that we keep the minimum amount of information we have to handle.
- We do not store biometric data: the identification of the student and the confirmation that it is the same person during the test are typified as incidents in our report.
- We anonymize personal data: we associate a numerical code to the student. Only the training entity knows to whom it belongs.
- You don’t even need to install the software: in the simple version of SMOWL.
- We do not store any activity beyond the exam: monitoring ends once the user deactivates the tool and finishes the exam.
The application’s design is intended from the beginning to preserve security, knowing that any online monitoring is perceptible to find cybercriminals. For this reason, we take great care to ensure and demonstrate that users who use SMOWL do so in a secure environment and that the educational entity bears the most significant responsibility.
The triple challenge: investment, training, and prevention
When a center incorporates a digital teaching resource, it must consider what system it is managing and that none of them is 100% infallible. A hacker will go where it is most accessible to enter. That’s why the need for investment in cybersecurity in education is so important, but it must also be borne in mind that a hacker can also take advantage of a human error, such as clicking on a link that arrives by email.
Thus, to be able to use e-learning systems, online classes, chats, and other media with more peace of mind, the entire educational community must be trained and informed of its B-side.
Also, updates for investment must be made in firewalls and human capital, having constant involvement in prevention. The latter is not only necessary but a priority.