Cyber Security in Education

[Audio] CYBER SECURITY IN EDUCATION Protecting Digital Learning Environments in the 21st Century Presented by: Educational Technology — 300 Level Course: EduTech 3xx | 2025/2026 Academic Session.

[Audio] PRESENTATION OUTLINE Introduction & Definitions Why Education Is a Target Common Cyber Threats Impact on Stakeholders Best Practices & Countermeasures Policy & Frameworks Recommendations & Conclusion The cybersecurity threats pose a significant threat to all stakeholders involved in education. Identity theft and academic record tampering are just two examples of the many risks that exist. Students, teachers, and staff may experience disruptions to their learning environment due to cyber attacks. Parents also face risks as they may be affected by the consequences of such attacks. The impact of these threats can be far-reaching, affecting not only individuals but also institutions and the broader community..

[Audio] 01 | INTRODUCTION & DEFINITIONS What is Cyber Security? Cyber Security in Education Cyber security is the practice of protecting computer systems, networks, programs, and data from digital attacks, unauthorized access, damage, or disruption. It encompasses technologies, processes, and practices designed to safeguard information assets in cyberspace. The application of cyber security principles within educational institutions to protect: • Student & staff personal data • Academic records & research • Learning Management Systems (LMS) • Digital infrastructure & networks • Online examination platforms CIA TRIAD: CONFIDENTIALITY • INTEGRITY • AVAILABILITY The practice of cyber security involves several key elements including threat intelligence, incident response, vulnerability assessment, penetration testing, and risk management. Threat intelligence provides valuable insights into potential threats and vulnerabilities, while incident response enables organizations to quickly respond to and contain cyber-attacks. Vulnerability assessment identifies weaknesses in computer systems and networks, allowing for proactive measures to be taken to address them. Penetration testing simulates real-world attacks on computer systems, helping organizations to identify vulnerabilities and strengthen their defenses. Risk management involves assessing and mitigating risks associated with cyber threats, ensuring that organizations can minimize losses and maximize benefits. By applying these elements, organizations can effectively manage and mitigate cyber security risks..

[Audio] 02 | WHY IS EDUCATION A TARGET? 60% $3.7M #3 of K–12 schools reported a cyber incident (2022-23) Education is the 3rd most targeted sector globally Average breach cost in education sector (IBM 2023) Key Reasons Educational Institutions Are Vulnerable Vast Sensitive Data Open Network Culture BYOD Environments Limited Security Budget Student records, financial aid, health data, and research — all in one place. Universities prioritise access over security; open networks are the norm. Bring-Your-Own-Device policies expand attack surfaces dramatically. Public institutions are underfunded for IT security relative to other sectors. The institution has been exposed to various types of cyber threats, including phishing emails, malware, and ransomware attacks. These threats have resulted in significant financial losses and compromised sensitive information. The institution's lack of preparedness and inadequate cybersecurity measures have contributed to these incidents. The institution's reliance on outdated technology and lack of expertise in cybersecurity have also played a role. Furthermore, the institution's open network culture and BYOD policies have created an environment conducive to cyber attacks. To address these issues, the institution needs to implement effective cybersecurity strategies, including the use of pre-encoded images and other security measures. The institution should also invest in employee training and awareness programs to educate staff about the importance of cybersecurity and how to identify potential threats. Additionally, the institution should consider partnering with external experts to enhance its cybersecurity capabilities..

[Audio] 03 | COMMON CYBER THREATS IN EDUCATION Ransomware Phishing Identity Theft Encrypts institutional data; attackers demand payment. Education saw record attacks in 2022-23. Deceptive emails targeting students and staff to steal login credentials and sensitive data. Student & staff personally identifiable information (PII) harvested for fraudulent activities. DDoS Attacks Data Breaches Insider Threats Flooding servers with traffic to disrupt online exams, portals and learning platforms. Unauthorized access to academic records, grades, financial info and research data. Malicious or negligent actions by staff, students, or third-party contractors. The common cyber threats faced by educational institutions include ransomware, phishing, DDoS attacks, and data breaches. Ransomware is a type of malware that encrypts institutional data and demands payment for its release. Phishing involves sending deceptive emails to students and staff to steal their login credentials and sensitive data. DDoS attacks overwhelm networks with traffic, causing them to crash and disrupting operations. Data breaches involve the theft of sensitive information from an organization's database. These threats require immediate attention and action to prevent damage to digital learning environments and to protect student and staff data..

[Audio] 04 | IMPACT ON STAKEHOLDERS Students Educators & Staff Institutions Identity theft & privacy violations Academic record tampering Loss of sensitive personal data Disrupted access to learning resources Compromised personal & payroll data Ransomware disrupting teaching Reputational & legal risk Increased workload from incident response Financial losses (millions in ransom) Legal/regulatory liability (FERPA, GDPR) Damaged public trust & reputation Operational disruption of services The increasing reliance on technology in education has led to an exponential increase in the number of cyber threats facing schools and universities. Cyber attacks pose significant risks to both students and educators, including identity theft, privacy violations, and academic record tampering. Furthermore, the consequences of a cyber attack can have far-reaching effects on a student's life, impacting their personal and academic well-being. Students who experience a cyber attack may suffer from anxiety, depression, and post-traumatic stress disorder (PTSD). Moreover, the financial burden of recovering from a cyber attack can be substantial. Schools and universities must prioritize cybersecurity to mitigate these risks. Implementing robust cybersecurity measures, such as encryption and secure protocols, can help prevent cyber attacks. Additionally, educating students and staff about online safety and digital citizenship can promote a culture of cybersecurity awareness. By prioritizing cybersecurity, schools and universities can create a safer and more secure learning environment for everyone..

[Audio] 05 | BEST PRACTICES & COUNTERMEASURES Multi-Factor Authentication Security Awareness Training Mandate MFA for all institutional accounts — LMS, email, student portals. Regular training on phishing, safe browsing, and password hygiene for all users. Data Encryption Network Segmentation Encrypt all sensitive student and staff data at rest and in transit. Isolate student, staff, and admin networks to limit the spread of breaches. Incident Response Plan Regular Security Audits A documented plan to detect, contain, and recover from security incidents. Periodic vulnerability assessments and penetration testing of all systems. Mandating multi-factor authentication for all institutional accounts will significantly reduce the risk of unauthorized access and protect sensitive information. This measure should be implemented immediately because it provides a robust defense against various types of attacks. Implementing MFA also educates users about potential threats such as phishing and malware, promoting good security practices. Encrypting all sensitive data both at rest and during transmission ensures confidentiality and integrity. Network segmentation isolates student, staff, and administrative networks, limiting the spread of breaches and reducing the attack surface. A well-defined incident response plan is necessary to detect, contain, and recover from security incidents. Regular security audits are crucial to identify vulnerabilities and ensure compliance with industry standards..

[Audio] 06 | POLICY & FRAMEWORKS Relevant Frameworks & Regulations Institutional Responsibilities NIST CSF Identify, protect, detect, respond, and recover — the gold standard cybersecurity framework. Appoint a Chief Information Security Officer (CISO) Develop and enforce an Acceptable Use Policy (AUP) Establish data classification and retention policies Ensure compliance with national and international data laws Conduct regular security awareness campaigns Create a Cyber Incident Response Team (CIRT) Partner with government and industry cybersecurity bodies Family Educational Rights & Privacy Act — governs US student educational records confidentiality. FERPA General Data Protection Regulation — strict EU rules on data collection, consent, and breach reporting. GDPR ISO 27001 International standard for Information Security Management Systems (ISMS). The institution has implemented various measures to enhance cybersecurity, including the appointment of a Chief Information Security Officer (CISO). The CISO is responsible for overseeing the development and implementation of the institution's cybersecurity strategy. The CISO works closely with other departments to ensure that all aspects of the institution's operations are aligned with the institution's cybersecurity goals. The CISO also provides guidance and support to faculty and staff on cybersecurity best practices and incident response procedures. The institution has also established a Cyber Incident Response Team (CIRT) to handle any cyber incidents that may arise. The CIRT is composed of representatives from various departments who work together to respond to and contain any cyber threats. The team is trained to respond quickly and effectively to any cyber incidents, minimizing the impact on the institution's operations. The institution has also developed and enforced an Acceptable Use Policy (AUP) that outlines the acceptable use of technology resources within the institution. The AUP is designed to prevent unauthorized access to sensitive information and to promote a culture of cybersecurity awareness among faculty and staff. The institution has also implemented various technical measures to enhance cybersecurity, such as firewalls, intrusion detection systems, and encryption. These measures help to prevent unauthorized access to sensitive information and to detect and respond to potential cyber threats. The institution has also conducted regular security audits and risk assessments to identify vulnerabilities and weaknesses in its cybersecurity posture. The results of these audits have been used to inform the development of new cybersecurity strategies and to improve the overall effectiveness of the institution's cybersecurity measures..

[Audio] 07 | RECOMMENDATIONS & CONCLUSION Integrate cyber security literacy into the core educational curriculum from primary level. Invest in dedicated IT security infrastructure and a qualified security team. Adopt a Zero-Trust security architecture: verify every user, every time. Enforce strong password policies and mandatory multi-factor authentication institution-wide. Establish student-led cyber security clubs to build a culture of awareness. Cyber security is not just an IT concern — it is a shared responsibility across all education stakeholders. Cyber security is a critical component of protecting digital learning environments in the 21st century. To ensure the safety and integrity of our educational institutions, we need to take proactive steps to prevent cyber threats. One key recommendation is to integrate cyber security literacy into the core educational curriculum from primary level. This will enable students to develop essential skills to protect themselves and their devices from cyber attacks. Furthermore, investing in dedicated IT security infrastructure and a qualified security team is crucial to effectively manage and mitigate potential risks. A zero-trust security architecture can help verify every user, every time, reducing the risk of unauthorized access. Additionally, enforcing strong password policies and mandatory multi-factor authentication institution-wide can significantly enhance the overall security posture of our educational institutions. By implementing these measures, we can create a safer and more secure learning environment for our students..

[Audio] THANK YOU Questions & Discussion Cyber Security in Education | Educational Technology 300 Level | 2025/2026 The educational technology course will cover topics such as digital citizenship, cybersecurity, and digital literacy. The course will also explore the role of artificial intelligence in education and its impact on student learning outcomes. Furthermore, the course will delve into the world of virtual reality and augmented reality in education, examining their potential benefits and drawbacks. The course will provide students with practical skills and knowledge to help them navigate the complex landscape of educational technology. By focusing on these key areas, we aim to equip students with the tools they need to create a safer and more secure digital learning environment..