Cybersecurity in Educational Institutions: Management Strategies (www.kiu.ac.ug)

https://www.eejournals.org/ Open Access
This is an Open Access article distributed under the terms of the Creative Commons Attribution License
(http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium,
provided the original work is properly cited
Page | 51
Cybersecurity in Educational Institutions:
Management Strategies
Kakembo Aisha Annet
Faculty of Education, Kampala International University, Uganda
ABSTRACT
Cybersecurity is becoming increasingly vital for educational institutions as they embrace digital
technologies for instruction, administration, and data storage. This review examines the evolving
cybersecurity landscape within the education sector, highlighting the specific vulnerabilities and
challenges faced by schools and universities. It examines the threat landscape, the importance of
protecting sensitive data, and the legal frameworks governing data privacy. The study also identifies key
components for effective cybersecurity management, such as risk assessment, policy development, and the
integration of advanced technologies. Best practices, including fostering a culture of security and
implementing robust error management frameworks, are proposed to enhance resilience against
cyberattacks. Through case studies, the paper demonstrates the consequences of cyber breaches and the
critical lessons learned for improving institutional preparedness and response. The research underscores
the necessity for strategic, proactive measures to mitigate risks, safeguard data, and maintain trust in
educational environments.
Keywords: Cybersecurity, educational institutions, data protection, risk management, ransomware,
privacy policies.
INTRODUCTION
In today's digital age, the massive proliferation of the internet and mobile devices has generated a
significant amount of data, thus revolutionizing the way business in educational institutions is handled.
Technology in the form of storage servers and cloud computing by these institutions has made life easier
for educational service providers. Complex data are stored which need to be protected from outside
threats. Cybersecurity is an integral part of data protection in educational institutions. Lately, various
databases from educational institutions have been breached due to security flaws, disruption, or
unauthorized access. Since educational institutions store relevant data in their digital system,
cybercriminals pose as a prime target for cyber attacks. The damage following data breaches from
educational institutions is usually associated with reputational, monetary, or even market share loss if the
news spreads to the public. Hence, maintaining information privacy and security plays a crucial trust
factor in the educational ecosystem [1, 2]. This paper provides insights into managing cybersecurity for
educational institutions. It provides an overview of the current cybersecurity trends and indicates very
high numbers of data breaches that have occurred in the educational space. Besides discussing the
implications of cybersecurity damage for stakeholders, the review also outlines short and long-term goals
to be accomplished. The paper emphasizes the need for more robust cybersecurity strategies to provide
comprehensive coverage to fight against potential threats. Introducing cybersecurity measures in
academic institutions and preparing a proper incident response should stand at the top for these
educational institutions. Creating a safe environment through bridges between networks, mobile
computing, IoT, social media, privacy and security policies, and compliance, provides a need for the right
approach in developing an educational management strategy. Suggestions are also present such as using
ring signatures or gadget-based, mutually distrusting computing entities. The suggested management
EURASIAN EXPERIMENT JOURNAL OF HUMANITIES AND
SOCIAL SCIENCES (EEJHSS) ISSN: 2992-4111
©EEJHSS Publications Volume 6 Issue 2 2025

Page | 52
helps these institutions to act more effectively in trying to engage in cybersecurity against threats that
might arise in cyberspace [3, 4].
Understanding Cybersecurity in Educational Institutions
Cybersecurity is a critical area of development in educational institutions, and several factors make them
ideal targets for malicious actors. Educational settings collect vast repositories of confidential and
personal information about students, affording these entities the ability to make undue profits from the
use or sale of private information. In universities particularly, researchers may have information of
commercial interest that is housed within the information systems, intellectual property that presents
further motives for attack. Educational institutions are often vulnerable to ransomware operators, who
threaten to publicly leak academic, medical, financial, or personal information if their demands for
payment are not met. At a basic level, the cost of instituting cybersecurity procedures and infrastructure
is often not prioritized highly by administrators. Cyber threats and the modes by which they are executed
have evolved alongside the ubiquity of distributed information systems and are continually updated in the
shadows of the million-dollar cybersecurity industry. In educational contexts, denial-of-service attacks are
growing more prevalent and more damaging. In like manner, educational institutions are at a heightened
risk for ransomware attacks, in which a hacker breaches the information systems and encrypts the data
within. A ransom demand is sent to the network administrators, who may have only days to pay the
attacker before access to system data is compromised and operational resources are permanently shut
down. Furthermore, widescale identity theft and siphoning of confidential information have made major
news outlets on account of the acts against major targets [5, 6].
Threat Landscape
Numerous security threats are evolving and causing immeasurable damage to educational institutions.
Phishing, malware, and application security attacks are the most regular paths or strategies that require
attention from an early phase. The popular choices include Denial of Service attacks, which make
educational institutions face misdirection to be vigilant and protect themselves, while some hacking can
also be performed from insecure networks and the use of unpatched software. Today's concern about the
vast educational institutions' operating systems, such as schools, music institutions, universities, and
colleges, can be breached [7, 8]. While the students, faculty, examination bodies, financial systems, grade
systems, and enterprise resource planning play a vital role, so do the libraries, catering systems, student
housing, and records for courses. The financial loss, embarrassment, and distortion of the institutions'
operations work as significant aftermaths. Another enormous subsequent outcome is the legislation on
disclosure laws, which differ from one country to the next. Several institutions give in, and employers
have to provide particular nominated employees to be in charge of information security, backed by the
necessary tools to implement the security and comply with the required legislation [9, 10]. Dozens of
educational institutions have recently faced a significant danger from cyberattacks, with the general
monthly breach report summarizing events unfolding in schools or further education colleges last month.
Australian universities are experiencing more and more hacking assaults, led by more than half by
snipers. Nigerian universities, in particular, faced a financial dilemma amid the rising demand for secure
online assessments. The danger of a single company and the destruction of education for an academic
period is real, but educational institutions must take IT and software effectiveness beyond security [11,
12].
Importance of Cybersecurity
The Increasing Role of Technology in Schools and Universities. Educational institutions are making
increasing use of technology for delivering instruction, communicating with students and staff,
administrative functions, research, and outreach to extend learning opportunities to a broader audience.
As technology becomes more integrated into educational activities, conducting them without this
technology is becoming more difficult [13, 14]. Protecting Sensitive Data. Schools and universities are
home to considerable personal information on both students and staff and have a responsibility to manage
that data properly. Sensitive data held at educational institutions can include: Students’ Personal
Information, Personally Identifiable Information, Personal Health Information, Financial Aid Records,
Academic Research Data, Marriage/Family Records, student records Treated as Directory Information,
Alumni Information, Employment Records, Institutional Finances [15, 16]. Legislation Compliance.
Several laws and statutes regulate schools’ and universities’ handling of educational records and other
sensitive information. The Family Educational Rights and Privacy Act is a federal law that protects the
privacy of student education records. The Health Insurance Portability and Accountability Act of 1996 is

Page | 53
a federal law that sets a national standard to protect the confidentiality of individuals’ health information.
The General Data Protection Regulation is a comprehensive European data protection law that imposes
significant requirements on institutions that offer services or products in the E.U. United States
institutions that offer services or products in the E.U. must comply with this law as well as the Privacy
Shield. The Children’s Online Privacy Protection Act is a United States federal law that oversees the
ways that commercial websites and online services collect and use personal data about children under 13
years old [17, 18].
Key Components of Cybersecurity Management
One of the most important parts of developing strategies for managing effective cybersecurity is
identifying preventable risks to educational institutions. That is why dragging out the process of risk
assessment, including identifying potential threats and vulnerabilities to the education sector and
assessing their potential impacts, is one of the most cost-effective investment efforts. Strategically, a
comprehensive overview of the entire education sector must be made, as well as a set of policies and
procedures as a way of presenting how to effectively manage certain government programs, certain
strategies, and/or certain protocols to prevent or minimize potential cybersecurity vulnerabilities.
Moreover, attention should also be directed to incorporating certain procedures and policies related to the
best practices of responsible data management. This may include certain forms of administrative
procedures, strategic plans, the understanding of operating principles, technical management structures,
employee training and education, and awareness for employees. The task of maintaining effective
cybersecurity should always include formulating and enforcing procedures and policies with the support
of certain educational materials that illustrate responsible behaviors for using college data, systems, and
equipment, as well as examples indicating what employees should do in the event of an actual incident.
More research, better, and basic cybersecurity algorithms are based on integrating the application and
performance of specific technologies, tweaks, and guidelines, such as spreading technology tools and
firewalls, the type of active defending technology such as intrusion detection systems, the application of
encryption technologies, and the use of certain network design elements for firewalling. It is worrying
that the collection of any independent individual information may provide the context for tracing patterns
regarding the general population [19, 20].
Best Practices in Cybersecurity Management for Educational Institutions
The above cybersecurity strategies for cyber resilience have certain limitations and are not easy to
implement for educational institutions. The lack of qualified staff, budget restrictions, and the fact that
training can often be one-off issues are some of the main challenges associated with implementing
cybersecurity strategies. As a result, the institutions need to implement the following best practices in
cybersecurity management. 1. Encourage a culture of security: This approach involves creating and
fostering an interest in raising awareness of the importance of security from all members of the
institution, from the school board down to the students. This has to be maintained as an organizational
goal. The fear of spoiling the 'collegiate' atmosphere can be off-putting to many management teams, but
the recent introduction of security officers as part of the university administration indicates the
seriousness of the approach necessary to undertake the activities of a successful cybersecurity framework.
2. Develop functions that establish a cybersecurity framework for error management in educational
institutions: Such a framework will consist mainly of policies routine procedures and protocols that
monitor and manage computer systems and associated access control, as well as damage limitation and
error rectification measures. Regular training and testing are required as there is no point in having
procedures unless all staff and students are aware of them and have a chance to test their response to an
error. Such regular testing also helps to reinforce the mindset that will be required before any such error
can be rectified, managed, and reported correctly. Issues of legal liability also need to be taken into
account. The technical warranties that are also part of the guidelines need to be undertaken to avoid such
liability [21, 22].
Case Studies and Lessons Learned
Two case studies are particularly revealing of the concerns and challenges brought about by such attacks.
These are the ransomware attack and the cyber incident. Each of these incidents provides insight into the
broad range of damage that can be wrought through cyberattacks, including patient care, research
integrity, and institutional reputational damage. In the case of the audacious ransomware attack, the
management strategies deployed, as well as those that were available but not utilized, raise important
issues for university management seeking to protect themselves against cyber threats. The conclusion

Page | 54
from the case studies reveals several key characteristics, narratives, and strategies challenging to those
within institutions seeking to manage cybersecurity, but critical to understand as they provide an
opportunity to enhance institutional responses and future resilience through proactive change [23, 24].
The likely entry point of a victim system was through email phishing. At the time of the incident,
monitoring systems that record electronic logs were implemented. The ransomware in our case was able
to traverse this network under the radar of the currently employed monitoring systems. The university
had made haste regarding remediating their systems and ensuring services critical for the ongoing
operation were restored. This was important for the university to uphold their student body, members of
staff, and research project stakeholders' perceptions of the idea that they were not impacted severely. One
of the key questions that system restores activities revealed was to understand the evolution and
sophistication of the attackers. Building a forensic timeline was identified as the most important critical
action response activity. The victim specialist also held three executive-level briefings to share
information on how the incidents were affecting the institutions to insinuate change. In the aftermath of
the incident, there have been a myriad of lessons reported on camaraderie and collaboration. The hack has
affected nearly all university services, including payroll and their online learning system. The website
remains offline while attempts to reboot the encrypted data continue. There was a need to shut down all
the applications to quarantine the system. A proposal was made to have a separate secure system isolated
and dedicated to university human resource functions. The promise to have the new secure system
operational has yet to be fulfilled. In the meantime, a comprehensive system was quickly developed and is
now ready to use. The usual cybersecurity defenses included firewalls, threat protection, a user education
program, password security, and network protection tools. The Director of Solution Delivery shared that
as global technologies are updated, the net of the bad content that they deal with has shrunk, and their
attacks are now more targeted and three times more prevalent [25, 26, 27].
CONCLUSION
As educational institutions continue to integrate technology into their operations, the need for robust
cybersecurity strategies becomes imperative. The increasing prevalence of cyberattacks, such as
ransomware, phishing, and denial-of-service incidents, underscores the importance of safeguarding
sensitive data and ensuring compliance with legal standards. By fostering a culture of security,
conducting regular risk assessments, and developing comprehensive cybersecurity frameworks,
educational institutions can mitigate vulnerabilities and enhance their resilience. Lessons from case
studies emphasize the importance of preparedness, collaboration, and investment in advanced
technologies to combat evolving threats. Proactively addressing cybersecurity challenges not only
protects institutional data but also preserves trust, enabling educational institutions to thrive in the
digital age.
REFERENCES
1. Bandari V. Enterprise data security measures: a comparative review of effectiveness and risks
across different industries and organization types. International Journal of Business Intelligence
and Big Data Analytics. 2023 Jan 20;6(1):1-1.
2. Alharbi T, Tassaddiq A. Assessment of cybersecurity awareness among students of Majmaah
University. Big Data and Cognitive Computing. 2021 May 10;5(2):23.
3. Amo Filvá D, Prinsloo P, Alier Forment M, Fonseca Escudero D, Torres Kompen R, Canaleta
Llampallas X, Herrero Martín J. Local technology to enhance data privacy and security in
educational technology. International journal of interactive multimedia and artificial intelligence.
2021;7(2):262-73. upc.edu
4. Al-Shehari T, Alsowail RA. An insider data leakage detection using one-hot encoding, synthetic
minority oversampling and machine learning techniques. Entropy. 2021 Sep 27;23(10):1258.
5. Moallem A. Cyber security awareness among college students. InAdvances in Human Factors in
Cybersecurity: Proceedings of the AHFE 2018 International Conference on Human Factors in
Cybersecurity, July 21-25, 2018, Loews Sapphire Falls Resort at Universal Studios, Orlando,
Florida, USA 9 2019 (pp. 79-87). Springer International Publishing.
6. Kesarwani A, Gochhayat S. Ransomware Attacks in the Healthcare Industry. Journal of Student
Research. 2023 Nov 30;12(4).
7. Saleh H, Mostafa S, Ismail AH, Srivastava S, Alsamhi SH. Swin-PSO-SVM: A Novel Hybrid
Model for Monkeypox Early Detection. IEEE Access. 2024 Dec 9.

Page | 55
8. Sun Y, Zhai B, Saierjiang H, Chang H. Disaster adaptation evolution and resilience mechanisms
of traditional rural settlement landscape in Xinjiang, China. International Journal of Disaster
Risk Reduction. 2022 Apr 15;73:102869. [HTML]
9. De Arroyabe IF, Arranz CF, Arroyabe MF, de Arroyabe JC. Cybersecurity capabilities and
cyber-attacks as drivers of investment in cybersecurity systems: A UK survey for 2018 and 2019.
Computers & Security. 2023 Jan 1;124:102954. sciencedirect.com
10. Riva MA, Paladino ME, Paleari A, Belingheri M. Workplace COVID-19 vaccination, challenges
and opportunities. Occupational Medicine. 2022 May 1;72(4):235-7. nih.gov
11. Diman AP, Rahman TK. Understanding the Root Cause of Cybersecurity Incidents Through
DuPont’s Dirty Dozen Framework. International Journal of Business and Technology
Management. 2024 Sep 1;6(3):226-41. mohe.gov.my
12. Trautman LJ, Shackelford S, Elzweig B, Ormerod P. Understanding Cyber Risk: Unpacking and
Responding to Cyber Threats Facing the Public and Private Sectors. University of Miami Law
Review. 2024 Oct 31;78.
13. Treve M. What COVID-19 has introduced into education: Challenges facing higher education
institutions (HEIs). Higher Education Pedagogies. 2021 Jan 1;6(1):212-27.
14. Beardsley M, Albó L, Aragón P, Hernández‐Leo D. Emergency education effects on teacher
abilities and motivation to use digital technologies. British Journal of Educational Technology.
2021 Jul;52(4):1455-77. wiley.com
15. VanLeeuwen CA, Veletsianos G, Johnson N, Belikov O. Never‐ending repetitiveness, sadness,
loss, and “juggling with a blindfold on:” Lived experiences of Canadian college and university
faculty members during the COVID‐19 pandemic. British Journal of Educational Technology.
2021 Jul;52(4):1306-22. nih.gov
16. Almossa SY. University students’ perspectives toward learning and assessment during COVID-
19. Education and Information Technologies. 2021 Nov;26(6):7163-81.
17. Ozalp H, Ozcan P, Dinckol D, Zachariadis M, Gawer A. “Digital colonization” of highly
regulated industries: an analysis of big tech platforms’ entry into health care and education.
California Management Review. 2022 Aug;64(4):78-107. sagepub.com
18. Antasari RR, Nilawati N, Adib HS, Sari RK, Sobari D. Gender Mainstreaming Problems in
Student Organizations at Islamic Religious Colleges. Al-Ishlah: Jurnal Pendidikan. 2022 Jun
16;14(2):2161-72. staihubbulwathan.id
19. Jemeljanenko A, Geske A. Management of Psychosocial Risks in The Educational Sector Of
Latvia. InSOCIETY. INTEGRATION. EDUCATION. Proceedings of the International
Scientific Conference 2019 May 21 (Vol. 6, pp. 215-223).
20. Trumbach CC, Payne DM, Walsh K. Cybersecurity in business education: The ‘how to’in
incorporating education into practice. Industry and Higher Education. 2023 Feb;37(1):35-45.
sagepub.com
21. Catal C, Ozcan A, Donmez E, Kasif A. Analysis of cyber security knowledge gaps based on cyber
security body of knowledge. Education and Information Technologies. 2023 Feb;28(2):1809-31.
springer.com
22. Triplett WJ. Addressing cybersecurity challenges in education. International Journal of STEM
Education for Sustainability. 2023 Jan 1;3(1):47-67. gmpionline.com
23. Prince NU, Al Mamun MA, Olajide AO, Khan OU, Akeem AB, Sani AI. IEEE Standards and
Deep Learning Techniques for Securing Internet of Things (IoT) Devices Against Cyber
Attacks. Journal of Computational Analysis and Applications. 2024;33(7). researchgate.net
24. Steingartner W, Galinec D, Kozina A. Threat defense: Cyber deception approach and education
for resilience in hybrid threats model. Symmetry. 2021 Apr 3;13(4):597.
25. Eze VH, Ugwu CN, Ugwuanyi IC. A Study of Cyber Security Threats, Challenges in Different
Fields and its Prospective Solutions: A Review. INOSR Journal of Scientific Research.
2023;9(1):13-24.
26. Matthijsse SR, Moneva A, van’t Hoff-de Goede MS, Leukfeldt ER. Examining ransomware
payment decision-making among small-and medium-sized enterprises. European Journal of
Criminology. 2024 Nov 14:14773708241285671.

Page | 56
27. Yadav S, Loonkar S. Automated Malware Classification Using Deep Learning Neural Networks.
In2024 IEEE 13th International Conference on Communication Systems and Network
Technologies (CSNT) 2024 Apr 6 (pp. 206-212). IEEE. [HTML]
CITE AS: Kakembo Aisha Annet (2025). Cybersecurity in
Educational Institutions: Management Strategies. EURASIAN
EXPERIMENT JOURNAL OF HUMANITIES AND SOCIAL
SCIENCES 6(2):51-56.

Cybersecurity in Educational Institutions: Management Strategies (www.kiu.ac.ug)

More Related Content

Similar to Cybersecurity in Educational Institutions: Management Strategies (www.kiu.ac.ug) (20)

More from publication11 (20)

Recently uploaded (20)

Cybersecurity in Educational Institutions: Management Strategies (www.kiu.ac.ug)