With students, teachers and staff getting ready to return to school, Armis, the leading unified asset visibility and security platform provider, analysed the new working culture and how the security of personal devices could put the education sector at risk upon the return to school.
The survey of 2,000 UK employees conducted by Censuswide on behalf of Armis revealed that, over the lockdown period, 61% of professionals in the education sector* used their personal mobile phones for work, while 40% also used personal laptops. The real risks, however, arise when these new devices are exposed to the school/university/corporate network.
And in fact, 61% of respondents intend to bring their personal devices to work when returning. To make matters worse, over a quarter (26%) of the professionals in the education sector admitted that their companies have no policies in place to secure devices (including personal devices) that have been used from home over the lockdown period. A further 17% didn’t know if there were any policies in place; and alarmingly, 62% of those surveyed also did not believe that their personal devices posed any security risk at all to their organisations.
Andy Norton, European cyber risk officer at Armis said: “Employers need to realise the risk associated with unsecured personal devices when they welcome their employees back to work, especially with regards to schools, universities and education organisations. As we have seen throughout the pandemic, attackers have been targeting vulnerable institutions; schools and universities sadly being among those badly affected.”
Andy continued: “Education facilities house all kinds of sensitive data and information, and one unsecured device poses an easy and attractive target for a threat actor to take advantage of to gain access to a network. Systems administrators and admin teams need to have visibility over what is connecting to the network and be able to flag any insecurities that these unmanaged devices might bring.”
Armis also cautioned that professionals within the education sector should be taught about the vast dangers of not properly protecting their devices, because an attack won’t solely affect an individual but could have far-reaching repercussions across the entire school/university. More importantly, organisations within the education sector also need policies to secure their employees’ devices, to fill all gaps that could create a vulnerable access point. With the return to school just around the corner, it is vital that all schools and universities have device visibility as well as the right security and policies in place to protect students and teachers.