End-to-End Encryption: safeguarding school data against cyber threats
In the face of increasing cyber threats targeting the education sector, Szilveszter Szebeni, Chief Data and Compliance Officer at Tresorit, outlines a strategic defense through the use of end-to-end encryption (E2EE).
In recent years, there has been a rising sense of urgency surrounding cyber security within the education sector, with the sensitive data of teachers, students and staff increasingly seen as prime targets for cybercriminals. A recent audit by the National Cyber Security Centre (NCSC) and the National Grid for Learning (LGfL) revealed that 78% of UK schools have experienced at least one type of cyber incident. Just seven per cent said their institution has never been significantly disrupted by a cyber incident or attack.
Last year saw a spate of attacks by Vice Society—the Russian ransomware gang—on schools worldwide and in the UK, and another string of security breaches hit UK schools before the start of the autumn term.
The government’s 2023 cyber security research reinforces the vulnerability of education establishments, revealing they’re more likely to have identified a breach in the last 12 months than the average UK business.
With this in mind, how can school leaders harness the power of end-to-end encryption (E2EE) to protect sensitive student and financial data from prying eyes? How can E2EE help schools to minimise risk and become more resilient to cyber-attacks?
Scale of risk
If schools' sensitive information is compromised, the potential scale of risk is colossal. Successful cyber attacks can cause devastating financial loss—Jisc’s Cyber Impact Report 2022 found that UK educational institutions spend £2 million on average responding to ransomware attacks.
The government’s research shows that 22% of primary schools, 24% of secondary schools, and 36% of colleges experience a negative outcome, such as financial or data loss, from any cyber breach or attack.
Data protection breaches can have severe repercussions for a school. In addition to tarnishing the school's reputation, there’s a real danger of significant financial loss.
Since April 2010, the Information Commissioner's Office (ICO) has had the authority to fine private and public sector organisations found guilty of breaching the Data Protection Act up to £500,000. School staff must therefore recognise their duty to protect sensitive data and adhere to appropriate procedures.
What is end-to-end encryption (E2EE)?
End-to-end encryption (E2EE), considered the industry ‘gold standard’, ensures files are encrypted as they travel to and from servers (E2EE file sharing), as well as when they’re stored in the cloud (E2EE file storage). It isn’t standard for all cloud solution providers; often, data is encrypted only while stored or in transit, typically with keys the provider holds.
E2EE offers an extra layer of security so that only the sender and intended recipient of a message can access its contents. Even if a third party intercepts the message, they won’t be able to read it without the encryption key.
Why E2EE storage is vital for schools
Schools process and store an incredible amount of sensitive data, including pupil names, medical records, payroll data, images, exam results, and more. Additionally, information related to staff, governors, and job applicants is regularly stored within a school’s database. E2EE storage safeguards confidential data, as even if servers are breached, only unintelligible information can leak out.
E2EE file sharing
E2EE file sharing is also crucial for protecting sensitive data. Because so much data is sent out via email, the likelihood of something going wrong, such as someone hitting ‘Reply All’ in error, is high.
Secure links offer protection when easy mistakes are made. For example, if an email with a secure link is sent to the wrong recipient, the sender can simply revoke access. Alternatively, a sender can set the open limit to one, safe in the knowledge that only the intended recipient can open the shared link.
E2EE file sharing with additional security controls also enables schools to apply granular safety controls, such as ‘Automatic Expiry Deletion’ and ‘Disable Download’, to guard against potential data breaches. It also allows schools to comply with legislation such as the Data Protection Act 2018 for school records. It enables school staff to share large encrypted files simply and quickly with internal colleagues and external partners under the guidance of admin controls and email policies.
Final thoughts
Schools have much to lose if their sensitive information falls into the wrong hands, from financial losses to reputational impact through a weakened brand image and impaired relations with parents. With threat levels high, E2EE is a powerful tool for helping to mitigate the effects of such breaches.