We all know how important it is to be vigilant against the threat of potential dangers online, like phishing or scams, to prevent a cyber attack. Most of us also know this is because cyber attacks can have consequences for everyone involved – whether it’s the loss of important documents, programmes or work, putting people’s privacy at risk, or even impacting a school’s entire network.
But did you know another good reason for your school/kura to work hard to stay cyber safe is because your cyber security posture can impact your staff and students’ wellbeing?
Mental Health Awareness Week is running this year from 26 September – 2 October, and recent studies have shown that stress and anxiety can be a significant factor in cyber security incidents. Not only that, cyber security incidents or concerns can also negatively impact the wellbeing of those caught up in them.
Last month, the Cyber Attack Trends: 2022 Mid-Year Report found that the global education/research sector has seen a 114% increase in monthly cyberattacks in the last two years, with Australia and New Zealand the most heavily-attacked region.
This means that the ‘human firewall’ is becoming increasingly important as your first line of defence, and that your school/kura should remain, more than ever, watchful and vigilant.
How does cyber security posture impact wellbeing?
Whether it’s data leaks, online ransoms, costly clean up work, or private documents made public, cyber security incidents can create anxiety and stress and far-reaching consequences and disruptions for people who fall victim to them, and/or for any others who become unwitting collateral damage.
The repercussions of these incidents can cause stress, such as significant workplace disruption, damage to personal relationships, long additional work hours, impacts to work programmes, deadlines and projects, and even resignations.
Another link between cyber security and wellbeing is that cyber attackers will often work to exploit human psychology by putting perceived or real time pressure on those they’re targeting. This is because people are more vulnerable to things like phishing and scams when they’re busy or in ‘autopilot’ mode.
Earlier this year, research found human error contributed to around 85% of security breaches, and that these errors are more likely to be made by people who are operating under pressure and stress. This means they may be less likely to question odd requests, or have the same radar for odd communications that they normally would. Not to mention that many young people/rangatahi may not yet have developed a whole sense of what doesn’t ‘look right’ online.
What can you do to reduce risks?
The good news is we can all play a role in mitigating cyber risk and schools/kura can take a proactive approach to improving your cyber security and posture. We have some top tips to help stop cyber attackers finding a way in and what to do if your school experiences a cyber security incident.
1. If something looks suspicious, delay your response and consult your IT provider or your support network. Often, we don’t want to believe that we’re being scammed, but it’s important to raise the alarm.
2. If you’re worried about something (e.g. you’ve clicked a link you shouldn’t have) – don’t bury it. Instead, report it as soon as possible to your IT provider or N4L.
3. If you’re called on the phone by someone suspicious and you’re not sure it’s a legitimate call, say: ‘I’m busy at the moment but I can call you back later today. Can I have your number?’ An illegitimate caller most likely won’t leave their number.
4. Don’t feel embarrassed – scams happen all the time. Schools and kura can help by creating a culture where staff and students feel comfortable about reporting cyber security incidents. It’s important people aren’t trying to deal with incidents on their own. By reporting these incidents, it’s helping protect other people from experiencing the same incident.
Your staff and students can all help your school to stay safe by being vigilant and creating good practice habits. This can include the use of strong and unique passwords, using two-factor authentication (2FA) and installing software updates which help protect your devices.
There are further things your school/kura can do to improve your ‘human firewall’. For example, you can ensure there is clear transparency and communication in the event of a cyber incident. You can also proactively create a healthy digital culture at your school/kura through the sharing of best practice and training. And having a structured incident response plan will make life easier in the event of an attack.
Our support
We’re here to help you, and schools/kura can rely on our expert guidance on reducing the risk of identified threats and vulnerabilities, as well as supporting you to identify and remediate cybersecurity incidents. For example, one of our latest initiatives in cyber security is our Email Protection solution (provided by Proofpoint, a global leader in email security). It’s also a good idea to have cyber insurance (available through the Ministry of Education’s Risk Management Scheme).
No matter what or how much you do, cyber attacks may still happen, but schools can play an important role through educating staff and students about the dangers, and what to do if one happens. We can all contribute by working together to better fight cyber crime and N4L is always here for you if you need advice or help.