From education to employment

The Evolving Security Requirements of a College Network

Graham Everington Exclusive

As students get ready to leave for the winter break, they’ll return with a list of expectations for being safeguarded in further education. That list likely includes protection from injuries during practical workshops, unsavoury canteen food, as well as the internet being likely near the top of those concerns. Over the past year, 86% of further education colleges identified a breach or attack, with one education organisation that managed more than 20 UK, US, and Canadian universities being held ransom until paying an undisclosed amount.

In light of these events, college and further education IT managers have taken a holistic approach to cybersecurity. This is especially true as institutes take advantage of wireless WAN technologies, to support both in-class and remote learning. If college IT staff want their network security plans to be successful and at the right scale, they’ll need security tools built on zero-trust principles to prevent the variety of threats facing their colleges.

Why Wireless WAN

A growing number of UK colleges are realising that wireless WAN (WWAN), or the use of public or private cellular routers or adapters as a key component of their WAN infrastructure, is a great way to enhance connectivity at the network edge and make sure there is as little interruption as possible to the many ways in which education has evolved.

A basic WWAN implementation typically involves deploying public or private cellular routers and adapters across the network to provide secure connectivity for college environments. Most colleges can set up a 4G or 5G solution to provide initial ‘day one’ connectivity in as little as 26 minutes from when the routers arrive.

A growing target

The rise in cyber-attacks on colleges is linked to the increased digitalisation of education, with many institutions integrating advanced learning management systems, cloud-based collaboration tools, and even AI-powered platforms to enhance students’ learning experiences. However, these advances also significantly increase the attack surface that cybercriminals can exploit. For example, cybercriminals disrupted the University of Cambridge Medical School, forcing critical systems offline and halting network services. In another incident, multiple UK universities faced attacks by the hacker group Anonymous Sudan, which disrupted websites, virtual learning environments, and VPN access.

Sensitive information, such as students’ health records, parental contact details, and staff data, is particularly valuable to cybercriminals. This data can be sold on the dark web, used for identity theft, or used in phishing schemes, making it a prime target for attackers. On top of this, if the data isn’t properly secured and a breach occurs, it can result in serious financial penalties and long-term reputational damage for the organisation. For colleges that are already operating with incredibly tight budgets, the consequences could be devastating, potentially affecting their ability to provide quality education. In this context, college IT managers must recognise their crucial role in safeguarding this data to prevent such costly outcomes.

Types of Attack

Understanding common cyberattack methods is crucial for college administrators to safeguard their institutions effectively. In the UK, these attacks often manifest as:
Phishing: Cybercriminals use deceptive emails or websites to trick individuals into revealing sensitive information. For example, in May 2024, Fettes College in Edinburgh experienced a cyber incident where criminals attempted to defraud some families through fraudulent communications.
Ransomware: This involves malicious software that encrypts an institution’s data, with attackers demanding payment for decryption. In September 2020, Newcastle University suffered a ransomware attack by the DoppelPaymer group, leading to significant IT disruptions and data being held to ransom.
Video conferencing disruptions: With the rise of online learning, unauthorised individuals have disrupted virtual classes by sharing offensive content. During the COVID-19 pandemic, several UK universities reported such incidents, highlighting the need for secure virtual meeting protocols.

Protecting colleges from these attacks requires an in-depth network strategy centred on zero-trust principles.

What IT Managers need to do to stay Secure

While the connectivity opportunities with a WWAN has greatly benefitted further education providers, it has also increased the network attack surface. This is why implementing a WWAN with built-in zero-trust security is so important for students, lecturers, and the IT personnel that manage college networks.

By default, zero-trust architecture empowers IT managers to control who gains access to college networks. Also, even if a member of the college is authorised, the right network solution will allow IT managers to easily implement the level of access users need. For example, allowing faculty and institute staff or third-party service providers to access only certain applications they need to do their jobs. This level of zero-trust security protects users as well as networks, reducing the potential impact of a breach. Compare this to more traditional virtual private network (VPN) solutions, which require complex configurations and, by default, give everyone access to the entire network.

There are also specific security features that college IT managers should look for in their WWAN approach. For example, role-based internet filtering allows the IT manager to dictate where a student can go whilst on the college network and, thereby, filter the content to which they are exposed. By restricting access to harmful or irrelevant content, IT managers can minimise vulnerabilities and enhance the online learning experience.

It’s also important that IT managers look for WWAN solutions that aren’t complicated to deploy or manage. In many cases, further education organisations don’t have massive IT teams with multiple experts to manage the various IT concerns that can happen throughout the day. A WWAN solution that is comprehensive but not complicated to manage, allows IT managers to prioritise the online safety of the college without having anything fall through the cracks.

A Secure Learning Experience

Many colleges have implemented security measures to make sure intruders can’t enter their facilities. They in turn dictate who can enter the building once lessons have started and who can’t. In fact, even students need permission to be in certain places once lessons have started. While the use of WAN tools can enhance college networks, IT personnel should approach cybersecurity with the level of fervour that administrators approach students’ and colleges’ physical security. With a zero-trust solution, college IT managers can have more control over who enters the figurative doors of their network. This helps promote a scalable network and a safe online environment, no matter where learning occurs.

By Graham Everington, Manager Public Sector, Ericsson


Related Articles

Responses