The education sector is one of the most targeted by cybercriminals. According to the Cybersecurity in Portugal report, released in July 2024 by the National Cybersecurity Center, the Government Area of Education, Science, Technology and Higher Education, in 2023, was the 5th with the highest number of incidents, a total of 150.
Institutions of this type handle large volumes of sensitive information, from student and staff personal data to scientific research. Safeguarding this information requires efforts by everyone involved, particularly their employees, who are extremely important in this process.
Second Carlos Friaças, manager of RCTS CERT, digital service of the Foundation for Science and Technology, developed by FCCN "Employees must always adopt a preventative approach and, when in doubt about carrying out certain actions, they must ask others whether it makes sense to do so and assess the risk to the organization.".
However, will employees know how to protect their safety? What preventive measures should they take? To answer these questions, the FCCN security service team offers five essential pieces of advice.
#1 Do not open files of unknown origin
The person who sent you a e-mail It may even look familiar, but always confirm whether it is safe to download a particular attachment or click on one link. Cybercriminals often use emails that appear to come from reliable sources, even pretending to be from the university itself, but which, when examined in more detail, are not legitimate nor do they actually have that origin.
When does it download of a file or accesses a link, you may be downloading malware, viruses or others software Invasive attacks designed to damage your computer or attempt to access personal information. These strategies typically involve two types of attacks: phishing and ransomware.
#2 Respect the warnings about websites potentially malicious
A study published by the Google Chrome browser team found that only one in four users respects certificate warnings Security Sockets Layer. Take into account the alerts from your browser It is, however, a basic cybersecurity practice to avoid unpleasant consequences for the Institution where you work and for yourself.
Visit certain websites when these display warning notices, choosing the option “proceed to website not secure” can result, for example, in information theft. When faced with this reality, back off. If the website is legitimate, a valid certificate will later be installed again.
#3 Make copies of content that is not subject to backups regular
The immediacy of technology can create the illusion that all information is permanently available online. However, certain attacks can make this no longer a reality.
For this reason, one of the most basic cybersecurity practices is to create copies of the most sensitive information, which in the case of educational institutions may include student and teacher data, salaries, payments, and even confidential research. This information should therefore be replicated in a secure location separate from the original device.
#4 Never share passwords
The sharing of passwords has been identified as one of the main internal security risks in organizations: the more people know a password, the more likely a security breach is to occur.
Multi-factor authentication systems are an extra layer of security, as is the use of a security manager. password that facilitates the use of strong and different passwords in each of the same person's accounts.
It is also important that the password that you use in your Institution is not applied in any other area of your life, and that you do not leave it recorded in any place, whether physical or digital, no matter how harmless that may seem: your workplace is no exception.
#5 Use Secure Networks
Avoid using public Wi-Fi networks to access sensitive information. Whenever possible, use Eduroam, your institution's secure network.
When working remotely, use a virtual private network (VPN) to securely and encryptedly connect to the resources you need to access.
