The education sector is increasingly looking to cloud platforms like Office 365 to improve staff productivity and teaching outcomes and reduce IT costs. But they should be wary of doing so without considering the cyber security implications. While Office 365’s built-in security works fine for many threats, it doesn’t stop everything.
For true peace of mind and maximum protection, school, college and university IT departments need to consider layering third-party security on top of Office 365.
Rolling out everywhere
Office 365 is the most widely adopted cloud platform in EMEA, with nearly two-thirds (65%) of organisations using it as of 2018 — an increase of 51% in just two years, according to one study. It’s becoming especially popular in the UK’s education sector, with participating institutions able to access the platform free of charge. A new Department for Education (DfE) strategy published in early April will only accelerate this adoption further. It recommends that “all education providers actively consider and evaluate the benefits of moving to a cloud-based approach for their IT system.”
However, that same report claims that “cloud-based systems are usually more secure” than in-house deployments. While this may be true for some organisations, it doesn’t mean IT departments can simply switch on their Office 365 deployments and forget about cybersecurity. In reality, the sheer volume and variety of threats out there demands an additional later of protection.
An attractive target
Schools, colleges and universities are an increasingly attractive target for attackers. With limited budgets for cyber security, stretched IT resources and a potentially large number of vulnerable users, they can represent a fertile hunting ground for hackers. Ransomware, crypto-mining malware, DDoS, and theft of personal and research data present major risks.
A report from insurer Ecclesiastical last year revealed that one in five British schools and colleges has been a victim of a cyber-attack — with malware (71%), phishing (50%), DoS (38%) and password-based attacks (33%) the most common. Separately, a new paper from Jisc and education think tank HEPI revealed that pen testers were able to access high value data in 100% of higher education institutions, within just two hours.
Time for help
Office 365’s built-in security is a good start. But it will only stop known threats. That’s why it’s essential that IT departments in the education sector invest in third-party security to stay safe from the cyber threats that can lead to data theft and outages. Look for solutions that offer pre-execution machine learning, document exploit detection and behaviour analysis to spot advanced threats like ransomware and information-stealing malware. It’s also important to find a solution that slots neatly into your existing environment via APIs.
In 2018 alone, Trend Micro’s Cloud App Security tool blocked nearly nine million high-risk email threats that weren’t stopped by Office 365. That’s the kind of peace of mind you need to get the most out of new cloud platforms.