
Managing Cyber Risk at your School

Posted on 28 October 2017
As technology continues advancing at an ever-increasing pace, cyber security becomes more and more crucial. In this RiskEd article, we shine a light on a few important developments in this space.

We look at the introduction of the Government's Notifiable Data Breach scheme. We unveil our new service helping clients deal with cyber breaches in real time. And we talk to a cyber security expert about managing risks all Catholic schools and colleges should be prepared for.

An introduction to the NDB scheme

The Australian Government's new Notifiable Data Breach (NDB) scheme begins on 22 February 2018.

The scheme requires organisations, including Catholic schools and colleges, to notify any individuals likely to be at risk of serious harm when a data breach has occurred. The notice must include recommendations for what individuals should do in response to the data breach, and the Office of the Australian Information Commissioner (OAIC) must be notified.

What is a Notifiable Data Breach?

A Notifiable Data Breach is a data breach that is likely to result in serious harm to individuals to whom the breached information relates.

A data breach occurs when personal information your school or college holds is lost or subjected to unauthorised access or disclosure.

Data breaches include:
  • when a device containing personal information is lost or stolen
  • when a database containing personal information is hacked
  • when personal information is mistakenly provided to the wrong person.

Complying with the scheme

The NDB scheme aims to give people confidence their personal information is being respected and protected, and will improve transparency in the way organisations respond to serious data breaches. It also helps individuals minimise the damage that can result from unauthorised use of their personal information.

By complying with the requirements of the scheme you can help protect your school community and avoid serious regulatory action. For updates on your responsibilities, visit the Office of the Australian Information Commissioner:

New help to fight cybercrime

With the cyber landscape changing so rapidly, it can be daunting to keep up with each new threat and its management. So, for your peace of mind, we've enhanced the protections of our Cyber Insurance policy, and included a free service you can access during a cyber attack.

The substantially expanded policy now provides cover for a range of first party losses including:
  • computer system interruption loss
  • credit monitoring costs
  • crisis containment
  • cyber extortion
  • data breach notification costs
  • forensic services
  • loss of electronic data
  • software damage

We've also partnered with DXC, a leading IT service company, to guide you through an attack. Everyone with our Cyber Insurance policy now has access to 24/7 technical support and an end-to-end claims management service provided by DXC's cyber security experts. By calling the helpline when you suspect an attack, or during one, you can be confident you're taking the right steps to protect your community, and reduce your school's risk of loss and claims.

Words from the Wise

Tim Meng Ching is Head of Security Services at DXC Australia. For this edition of RiskED, Tim shares his insights about student behaviours with mobile devices, an area often overlooked in cyber risk management. Their seemingly benign activities can lead to serious breaches of security that can leave them, and your school, vulnerable to cyber crime.

"With the proliferation of mobile devices today, teachers and students are using mobile devices in the learning process and also for their personal use.

"Mobile phones and tablets have brought convenience to the learning process as students can carry all their digital knowledge without having to carry heavy books around, and at the same time technologies like instant messaging, social networks and email help students to easily interact with their teachers, friends and family members.

"Students seeking to be unique will understandably try to customise the functionality and the user interface on their mobile devices to have a different design to stand out from their peers. The modern iOS and Android devices may allow limited customisation, but the quest for customisation may lead to students seeking to jailbreak their mobile devices to change the user interface, or to install pirated applications which typically would not be installed in locked down mode.

What is jailbreaking?

"Jailbreaking is the process of breaking the Digital Rights Management (DRM) or the system access control that prevents or limits the type of software you can run, or prevents the user from accessing sensitive folders, which would not usually be accessed via normal use.

"Typically, the DRM helps enforce a certain level of security that prevents malicious software from running on the mobile devices, and ensures that legitimately bought software or media are installed on the mobile devices. Jailbreaking can allow malicious software to actually steal the contents on the phone, and even intercept the input contents from the keyboard.

"With students now using mobile devices to communicate with their friends, store sensitive information, or to perform certain financial transactions, jailbreaking may allow malicious applications to perform identity theft, steal passwords, or perform cyber-spying on the user's mobile device.

"From a cyber insurance perspective, a user who has their mobile device jailbroken will typically have any cyber claims denied because they have tampered with the device and allowed the cyber attack to take place. The act of jailbreaking also voids the product warranty.

Security measures

"Users of mobile devices are strongly encouraged to adopt the following best practices when it comes to maintaining a strong security posture for their mobile devices:

Do not jailbreak.
"Always resist the allure of jailbreaking even if it means the mobile device can be used to do things previously not possible. Jailbreaking will also void any warranty left on the mobile device.

Always install the latest patch for mobile devices.
"Mobile device OS, like any other software, should be updated immediately if security vulnerabilities are discovered. This will minimise the possibility of an attacker utilising a 0-day attack to exploit the mobile device platform or perform malicious acts.

Always install applications from a trusted source
"The Android platform allows the installation of software from different app stores. Always ensure that applications or media are downloaded from trusted app stores.

Do not connect mobile devices to untrusted computing devices or charging ports
"Malicious software can be used to infect a mobile device if the PC itself is infected. Even charging points in public places like airports or exhibition halls can be tampered with to inject malicious software into the mobile device being charged. Ensure that you charge your mobile devices from trusted charging ports.

Always secure the mobile device with a password or a biometric authentication
"Lastly, the mobile device contains a lot of sensitive information about the device owner. It is important that all access is restricted, and that any use of the mobile device will require a PIN/password or a biometric authentication. This minimises unauthorised access of the mobile device should it be lost or stolen."

Want to know more?

For more information on how to improve cyber security at your school or college we recommend:

Privacy and Information Security (Learning Manager's online training course)

Managing Risk in Catholic Organisations Guide
Developing an IT Security Policy Fact Sheet
Developing a Password Policy Fact Sheet
Developing a Firewall Policy Fact Sheet
Developing an Email Usage Policy Fact Sheet
Developing an Internet Usage Policy Fact Sheet
Developing a Content Management Policy Fact Sheet

If you'd like more information about CCI's Cyber Insurance, contact your Client Relationship Executive or call 1800 011 028.

Tags: Risk Management
