Outsmarting cyber actors: Top tips for educational institutions


Education, like many other sectors, has undergone a significant transformation in its operations and methods of communication.

COVID-19 pushed the power button on digital transformation for schools and higher education providers across the globe. However, as their dependence on remote learning and collaboration has increased, educational institutions have become more exposed to cybersecurity threats, with attackers taking advantage of the expanded range of devices and applications staff and students now use to stay connected.

In the last financial year, approximately one quarter of cybersecurity incidents in Australia affected critical infrastructure organisations such as educational institutions, according to the Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2020–21. Of all the reporting sectors, education and training ranked fifth for the most cybersecurity incidents in the 2020–21 fiscal year.

Schools and universities in New Zealand have suffered a similar fate, with the education and training sector reporting the third most cybersecurity incidents in the third quarter of 2021.

Several cyberattacks in 2021 brought these alarming statistics home. In Australia, the NSW Department of Education, the University of South Australia, RMIT University and Swinburne University of Technology were all compromised by malicious cyber actors. While in New Zealand, a number of schools and the kindergarten group Whānau Manaaki fell victim to the global Kaseya ransomware attack.

With remote learning likely to continue playing a major role in education post-pandemic, institutions in this field must heed the harsh lessons of those whose systems have been breached by cyber attackers. This requires not only a robust plan for reacting in the event of a cybersecurity incident, but also a proactive approach to improving your security posture.

Keep your cool, lean on the experts

Educational institutions are attractive targets for cybercriminals due to the size of their digital networks and the amount of valuable information they possess and circulate, not to mention the legacy IT infrastructure still used by many schools, universities and government-owned education departments. Therefore, it’s critical to know how to respond in the event of an attack.

It’s easy for panic to set in during a cybersecurity incident, which can lead to poor decision-making. The key is to remain calm, minimise communications as much as possible across your network and prevent any actions that could result in the loss of data or evidence of the attack.

When faced with a cybersecurity crisis, it’s also vital that you engage the experts as soon as possible, as they will be in the best position to assess the situation, understand its scope, contain the damage that the attacker has caused and get systems back online. These are the three steps that Microsoft’s highly specialised Detection and Response Team follow when investigating incidents reported by our customers.

Your response to a cybersecurity threat needs to be quick, thorough and cohesive, which is how we’ve designed our Unified Support offering at Microsoft. With reactive support across their entire Microsoft ecosystem available 24/7, customers can access the right type of help when they need it.

Protect your data, perfect your security posture

As well as a rapid and measured response, it’s crucial to implement strategies that minimise the risk of a cyberattack happening in the first place.

One way to proactively improve your security posture is to not only know your data, but also know how to govern, protect and control it. By doing so, you can ensure your organisation’s deployment and usage of remote learning technology is compliant with internal policies and external regulations.

Adhering to these four data governance and security principles also mitigates the risk of inadvertent data leakage and enhances your organisation’s ability to detect potential ‘insider threats’.

There are many other ways educational institutions can proactively combat cybercrime, such as adopting a Zero Trust security approach, practising good cyber hygiene, taking a holistic approach to risk management and following the ACSC’s Essential Eight security guidelines. Finally, it is important that all cybersecurity compliance and risk solutions help schools and universities foster a culture of safety and inclusion amongst students.

All the above-mentioned strategies are embedded in Microsoft’s Unified Support offering and have helped many customers proactively improve their security posture. With the support of Microsoft customer engineers, a large educational institution in Australia has significantly reduced its risk of data loss through improved data classification practices. A two-day workshop helped the organisation understand where its most sensitive data was located, as well as best practices in ‘sensitivity labelling’ of this data across platforms such as SharePoint, Teams and Exchange. Even during times of remote learning, the chance of a data breach from external or student users has been dramatically reduced as a result of this engagement.

Prepare to be tested

Just like students studying for an exam, educational institutions need to prepare for the possibility of a cyberattack by upskilling students and staff on best practices. These include addressing any potential vulnerabilities, putting cybersecurity incident response plans in place and rigorously testing these plans with crisis response exercises.

With more than 40 complimentary on-demand assessments available as part of Microsoft Unified Support, including Active Directory and Well-Architected reviews, our customers can control the health of their digital estate.

Also, Microsoft’s team of deeply skilled cybersecurity engineers can help detect any weaknesses in an organisation’s security posture and strengthen it accordingly. With the cybersecurity talent shortage starting to bite in Australia, access to this level of expertise has become even more critical.

As their digital footprint continues to grow, schools and universities who take a proactive approach and utilise the power of technology have the best chance of responding to cyberattacks in the future.

Improve your security posture with Microsoft Unified Enterprise Support

Loss of data, privacy breaches, and significant downtime caused by an attack are all potentially devastating outcomes.

Your response to a cybersecurity threat needs to be quick, thorough and cohesive, which is how we’ve designed our Unified Enterprise Support offering at Microsoft. With reactive support across the entire Microsoft ecosystem available 24/7, you can access the right type of help when you need it. Microsoft Support can also help you proactively improve your security posture, to help prevent future threats.

Find out about Microsoft Unified Enterprise Support.