Category: security

  • Are we reducing research security risk, or just shifting it around?

    In an era of heightened geopolitical tension, research security has shot to the top of policy agendas worldwide. Governments and institutions are implementing new measures intended to safeguard sensitive science against threats like espionage, theft, and undue foreign influence.

    The Flagship EU Conference on Research Security, held recently in Brussels, underscored the urgency: for the first time, the European Union announced plans to anchor research security in EU law via a forthcoming European Research Area. It also confirmed proposals for a range of new support measures including a European Centre of Expertise, an international collaboration due diligence platform, and a common resilience testing methodology.

    Yet amid these proactive steps lurks a critical question: are current research security frameworks genuinely reducing risk, or merely redistributing it across borders? There is growing evidence that without careful coordination, well-intentioned safeguards in one country can simply deflect threats to less-regulated arenas. In its recent note on “Research Security as a Shared Responsibility”, conference co-organiser CESAER noted the need to build resilience in Europe through “collective responsibility and trust.” It emphasised that “making a level playing field across the continent” is essential. But why should the level playing field stop there?

    The waterbed effect

    Across the world – and even within Europe – research security frameworks vary wildly. This fragmentation is more than just a bureaucratic quirk; it can actively undermine the intention to reduce risk. If one institution or country imposes rigorous security checks, a hostile actor can simply target a more permissive collaborator elsewhere, bypassing the tightest gate by entering through an unlocked side door.

    Research managers from across European countries and beyond recently voiced a clear message through the “Stronger Cooperation, Safer Collaboration” project: divergent national approaches are creating duplication, confusion, and vulnerability in research security. Some nations have strict regulatory frameworks; others rely on informal guidelines and self-regulation, and some have yet to implement any framework at all. This disharmony forces collaborating institutions to navigate a patchwork of rules. Crucially, it creates a race to the bottom: “The first to act loses out,” as one research manager put it, meaning institutions that impose tougher controls risk losing collaborations or talent that underpin their institutions' impact and financial resilience. Conversely, overly open environments risk becoming safe havens for those trying to evade stricter jurisdictions, leading to longer-term losses through knowledge leakage from the same global collaborative projects.

    This dynamic has played out in anecdotal reports: one trusted research manager at a research-intensive university in the UK shared that they had experienced a recent case in which a PhD candidate who had unsuccessfully appealed an Academic Technology Approval Scheme (ATAS) refusal told their UK institution not to worry, as they had received an offer from elsewhere in Europe. Colleagues elsewhere in the UK and in Denmark confirmed similar experiences – Denmark and the UK being two countries now taking a firm line on vetting international research ties.

    The pattern highlights a potential unintended consequence: was the risk eliminated, or was it shifted to another institution? It raises the question as to whether early inward-facing approaches have inadvertently created a “waterbed effect”: press down on risk in one place, and it pops up elsewhere, undermining the overall goal of a safer global research environment.

    Shifting risk to the Global South

    The “risk transfer” phenomenon in research security isn’t just a North Atlantic or European problem. It can play out globally, often to the detriment of researchers in the Global South. Many high-income countries (such as the US, UK, Canada, Australia, and some EU states) have ramped up protections for their own institutions. This includes stricter export controls on sensitive technologies, visa vetting of foreign researchers, requirements for disclosure of overseas ties, and due diligence on international partners. But those seeking access to advanced research can respond by targeting less fortified partners in countries where such measures are not yet in place or enforced.

    This dynamic means that Global South collaborators sometimes become passive recipients of risk. I spoke with Dr Palesa Natasha Mothapo, Director of Research Support and Management of Nelson Mandela University and an alumnus of the Women Advance Research Security Fellowship, who has led initiatives to engage institutions in South Africa and beyond on research security. She noted that South Africa has a thriving research and innovation ecosystem with highly sensitive research, but discussions on research security remain at a very early stage. Even so, Mothapo noted that institutions in South Africa generally benefit from greater financial security due to national investment and infrastructure, and colleagues from elsewhere in the Global South feel even more exposed to the risks.

    When working with international funders, institutions are often forced to accept onerous funding terms and conditions set by wealthier partners, conditions which aim to shift responsibility and liability downward. Those terms and conditions have often not been formulated with full consideration of the local context or capacity. For example, a major research funding agreement from a US or European sponsor might require the African or Asian sub-grantee to comply with strict cybersecurity protocols, international export controls or vetting of staff. Lacking an equal say in drafting these terms, the partner institution does its best to comply, effectively shouldering the security burden – but it may not have the in-house experts, resources or infrastructure that its counterparts are able to rely on. But if something goes wrong, who bears the blame or consequences? If our actions only result in shifting the blame but fail to mitigate the likelihood or consequences, they have failed altogether. This inequity can erode trust and perpetuate harm.

    To counteract this erosion, changes in terms and conditions need to be accompanied by the capacity strengthening, partnership and co-creation that accounts for what each collaborator values and seeks to protect. In the last three years, I have worked with researchers, research managers, innovation professionals and policy makers from over 50 different countries on capacity strengthening in research security. While the contexts vary greatly, there are still commonalities in the challenges we face and significant opportunity for cooperation and knowledge exchange. Raising standards everywhere is not a zero-sum game but creates a more stable, level playing field for all. This is the solution to truly reduce risk globally, instead of shifting it around.

    Towards harmonisation and mutual support

    If current research security measures risk shifting problems around, what is the remedy? The experts and stakeholders convened in Europe and elsewhere seem to converge on a key principle: harmonisation and capacity-building. Rather than each country acting in isolation (or worse, in competition) on research security, there’s a call for joint action to raise the floor globally and key actions have begun in this direction.

    There is also a growing recognition that culture change is as important as policy change. The concept of research security is relatively new in academia’s culture of openness. We need to foster a culture where security is seen not as a hindrance or a nationalist agenda, but as a shared duty to protect the integrity of science. That means those implementing security must do so in a way that is transparent and respects values like academic freedom and open science.

    To return to our original question: are we actually reducing risk or just shifting it elsewhere? At present, the answer is: a bit of both. The flurry of research security policies in recent years has plugged many gaps that were previously exploitable. Major economies are certainly harder targets for espionage and IP theft than they were a decade ago, thanks to these efforts.

    However, as protections evolve so do threats and tactics and there is little room for complacency. Some of those same efforts have diverted actors to take different approaches, including in some cases exporting the risk to less prepared quarters, or creating new frictions in the research enterprise. A chain is only as strong as its weakest link, and right now the “chain” of global science has some weak links open to exploitation. The good news is that the solution is within reach through international cooperation.

    We reduce research security risk only when we reduce it for everyone. If instead we simply push the risk around, it will eventually circle back and hit us from behind. The current trends – increased awareness, dialogue, and alignment – give reason for optimism. The UK government has indicated that international capacity strengthening will form part of their anticipated research security strategy.

    The next few years will be critical in translating these insights into practice. If we succeed, we will be on track to celebrate a genuinely safer, more collaborative global research environment – one where risk is tackled collectively, not passed like a hot potato.

  • How school IT teams lock down QR-based SSO without hurting usability

    Key points:

    Schools can keep QR logins safe and seamless by blending clear visual cues, ongoing user education, and risk-based checks behind the scenes

    QR-based single sign-on (SSO) is fast becoming a favorite in schools seeking frictionless access, especially for bring-your-own-device (BYOD) environments.

    The BYOD in education market hit $15.2 billion in 2024 and is projected to grow at a 17.4 percent CAGR from 2025 to 2033, driven by the proliferation of digital learning and personal smart devices in schools.

    However, when attackers wrap malicious links into QR codes, school IT leaders must find guardrails that preserve usability without turning every login into a fortress.

    Phishing via QR codes, a tactic now known as “quishing,” is where attackers embed malicious QR codes in emails or posters, directing pupils, faculty, and staff to fake login pages. More than four out of five K-12 schools experienced cyber threat impacts, with human-targeted threats like phishing or quishing exceeding other techniques by 45 percent.

    Because QR codes hide or obscure the URL until after scanning, they evade many traditional email spam filters and link scanners.

    Below are three strategies to get that balance between seamless logins and safe digital environments right.

    How to look out for visual signals

    Approximately 60 percent of emails containing QR codes are classified as spam. Branded content, such as the school or district logo, consistent with the look and feel of other web portals and student apps, will help students identify a legitimate QR over a malicious one.

    Frontier research shows that bold colors and clear iconography can increase recognition speed by up to 40 percent. This is the kind of split-second reassurance a student or teacher needs before entering credentials on a QR-based login screen.

    Training your users to look for the full domain or service name, such as “sso.schooldistrict.edu” under the QR, is good practice to avoid quishing attacks, school-related or not. However, this will be trickier for younger students.

    The Frontier report demonstrates how younger children rely more heavily on color and icon cues than on text or abstract symbols. For K-12 students, visual trust cues such as school crests, mascots, or familiar color schemes offer a cognitive shortcut to legitimacy.

    Still, while logos and “Secured by…” badges are there to reassure users, attackers know this. Microsoft, Cisco Talos, and Palo Alto Unit42 have documented large-scale phishing campaigns where cybercriminals cloned Microsoft 365 and Okta login pages, complete with fake security seals, to harvest credentials.

    For schools rolling out QR-based SSO, pairing visible trust cues with dynamic watermarks unique to the institution makes it harder for attackers to replicate.

    User education on quishing risk

    Human error drives most breaches, particularly in K-12 schools. These environments handle a mix of pupils who are inexperienced with security risks and, therefore, are less likely to scrutinize QR codes, links, or credentials.

    Students and teachers must be taught the meaning of signs and the level of detail to consider in order to respond more quickly and correctly. A short digital literacy module about QR logins can dramatically cut phishing and quishing risk, reinforcing what legitimate login screens should look like. These modules should be repeated regularly for updates and to strengthen the retrieval and recognition of key visual cues.

    Research in cognitive psychology shows that repeated exposure can boost the strength of a memory by more than 30 percent, making cues harder to ignore and easier to recall. When teaching secure login habits, short, repeated micro-lessons–for example, 3-5 min videos with infographics–can boost test scores 10-20 percent. Researcher Piotr Wozniak suggests spacing reviews after 1 day, then 7 days, 16 days, 35 days, and later every 2-3 months.

    With proper education, students should instinctively not trust QRs received via text message or social media through unverified numbers or accounts. Encouraging the use of a Secure QR Code Scanner app, at least for staff and perhaps older students, can be helpful, because it will verify the embedded URL before a user opens it.
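
    The full-domain check described above, written out as the test a scanner or portal could apply to the text decoded from a QR code before opening it. This is an added example, not code from the article or from any scanner app; the allowlist contains only the article's example domain, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only host that serves QR sign-in is the article's example domain.
ALLOWED_HOSTS = {"sso.schooldistrict.edu"}


def check_qr_url(payload: str) -> tuple[bool, str]:
    """Decide whether text decoded from a QR code may be opened as the SSO page."""
    try:
        parts = urlsplit(payload.strip())
        host, port = parts.hostname, parts.port  # .port raises on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        # Text before "@" is userinfo: it is displayed, but it is not the destination.
        return False, "userinfo in URL"
    if port not in (None, 443):
        return False, "unexpected port"
    if not host.isascii() or "xn--" in host:
        # Homoglyph hosts look identical on screen but are different domains.
        return False, "non-ASCII or punycode host"
    # Exact match only: suffix or substring matching would accept lookalike hosts.
    if host.rstrip(".") not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    return True, "ok"


# Constructed sample payloads (example.net is a reserved documentation domain).
SAMPLES = [
    "HTTPS://SSO.SchoolDistrict.edu/qr?s=1",                # genuine, mixed case
    "http://sso.schooldistrict.edu/qr",                     # plain HTTP
    "https://sso.schooldistrict.edu.login.example.net/qr",  # trusted name as a prefix
    "https://sso.schooldistrict.edu@login.example.net/qr",  # trusted name as userinfo
    "https://sso.schooldistrict.\u0435du/qr",               # Cyrillic "e" in the TLD
    "https://sso.schooldistrict.edu:8443/qr",               # unexpected port
]


def classify_samples() -> dict:
    """Map each constructed payload to its (ok, reason) verdict."""
    return {p: check_qr_url(p) for p in SAMPLES}


if __name__ == "__main__":
    for payload, (ok, reason) in classify_samples().items():
        print(f"{'OPEN ' if ok else 'BLOCK'} {reason:28} {payload}")
```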

    When to step up authentication after a scan

    QR codes make logging in fast, but after a scan, you don’t have to give full access right away. Instead, schools can use these scans as the first factor and decide whether to require more proof before granting access, depending on risk signals.

    For example, if a student or teacher scans the QR code with a phone or tablet that’s not on the school’s “known device” list, the system should prompt for a PIN, passphrase, or MFA push before completing login. The same applies to sensitive systems that include student data or financial information.

    Microsoft’s 2024 Digital Defense Report shows that adding MFA blocks 99.2 percent of credential attacks. That means a simple SMS or push-based MFA can drastically slash phishing and quishing success rates. By adding a quick MFA prompt only when risk signals spike, school IT teams preserve the speed of QR logins without giving up security.

    Schools can also apply cloud-security platforms to strengthen QR-based SSO without sacrificing ease of use. These tools sit behind the scenes, continuously monitoring Google Workspace, Microsoft 365, and other education apps for unusual logins, risky devices, or policy violations.

    By automatically logging every QR login event, including device, time, and location, and triggering alerts when something looks off, IT teams gain visibility and early warning without adding extra friction for staff or students. This approach lets schools keep QR sign-ins fast and familiar with risk-based controls and data protection running in the background.
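
    A sketch of the step-up decision and the per-scan audit record described in this section, added here as an illustration and not taken from the article or any SSO product. The device list, app labels, region codes, and the alert rule (unknown device combined with an unusual location) are all assumptions; the scan events are constructed.

```python
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Hypothetical policy data: in practice these come from device enrolment and the SSO portal.
KNOWN_DEVICES = {"ipad-lib-014", "chromebook-7f3a"}
SENSITIVE_APPS = {"student-records", "finance"}
USUAL_REGIONS = {"district-campus", "district-home"}


@dataclass(frozen=True)
class QrScan:
    user: str
    device_id: str
    app: str
    region: str
    when: datetime


def risk_signals(scan: QrScan) -> list:
    """Collect the risk signals present on one QR scan."""
    signals = []
    if scan.device_id not in KNOWN_DEVICES:
        signals.append("unknown_device")
    if scan.app in SENSITIVE_APPS:
        signals.append("sensitive_app")
    if scan.region not in USUAL_REGIONS:
        signals.append("unusual_location")
    return signals


def handle_scan(scan: QrScan, audit_log: list) -> str:
    """Treat the scan as the first factor; return 'allow' or 'step_up' and log it."""
    signals = risk_signals(scan)
    decision = "step_up" if signals else "allow"
    # Assumed alert rule: a new device from an unusual place is worth a human look.
    alert = {"unknown_device", "unusual_location"} <= set(signals)
    record = {**asdict(scan), "when": scan.when.isoformat(),
              "signals": signals, "decision": decision, "alert": alert}
    audit_log.append(json.dumps(record))  # every scan is logged, not only risky ones
    return decision


# Constructed events for illustration.
T = datetime(2025, 3, 4, 8, 15, tzinfo=timezone.utc)
SAMPLE_SCANS = [
    QrScan("student01", "chromebook-7f3a", "classroom", "district-campus", T),
    QrScan("student02", "phone-unlisted", "classroom", "district-campus", T),
    QrScan("teacher01", "ipad-lib-014", "student-records", "district-home", T),
    QrScan("teacher02", "laptop-unlisted", "finance", "elsewhere", T),
]


def run_samples():
    """Return (decisions, audit_log) for the constructed scans."""
    log = []
    return [handle_scan(s, log) for s in SAMPLE_SCANS], log


if __name__ == "__main__":
    decisions, log = run_samples()
    for decision, line in zip(decisions, log):
        print(decision, line)
```

    Only the first scan completes without an extra prompt; the last one is both stepped up and flagged for review.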

    Schools can keep QR logins safe and seamless by blending clear visual cues, ongoing user education, and risk-based checks behind the scenes. Students and staff learn to recognize authentic screens, while IT teams add extra verification only when behavior looks risky. Simultaneously, continuous monitoring tracks every scan to catch problems early and improve education resources, all without slowing anyone down.

  • Understanding how inflation affects teacher well-being and career decisions

    In recent years, the teaching profession has faced unprecedented challenges, with inflation emerging as a significant factor affecting educators’ professional lives and career choices. This in-depth examination delves into the complex interplay between escalating inflation rates and the self-efficacy of educators–their conviction in their capacity to proficiently execute their pedagogical responsibilities and attain the desired instructional outcomes within the classroom environment.

    The impact of inflation on teachers’ financial stability has become increasingly evident, with many educators experiencing a substantial decline in their “real wages.” While nominal salaries remain relatively stagnant, the purchasing power of teachers’ incomes continues to erode as the cost of living rises. This economic pressure has created a concerning dynamic where educators, despite their professional dedication, find themselves struggling to maintain their standard of living and meet basic financial obligations.

    A particularly troubling trend has emerged in which teachers are increasingly forced to seek secondary employment to supplement their primary income. Recent surveys indicate that approximately 20 percent of teachers now hold second jobs during the academic year, with this percentage rising to nearly 30 percent during summer months. This necessity to work multiple jobs can lead to physical and mental exhaustion, potentially compromising teachers’ ability to maintain the high levels of energy and engagement required for effective classroom instruction.

    The phenomenon of “moonlighting” among educators has far-reaching implications for teacher self-efficacy. When teachers must divide their attention and energy between multiple jobs, their capacity to prepare engaging lessons, grade assignments thoroughly, and provide individualized student support may be diminished. This situation often creates a cycle where reduced performance leads to decreased self-confidence, potentially affecting both teaching quality and student outcomes.

    Financial stress has also been linked to increased levels of anxiety and burnout among teachers, directly impacting their perceived self-efficacy. Studies have shown that educators experiencing financial strain are more likely to report lower levels of job satisfaction and decreased confidence in their ability to meet professional expectations. This psychological burden can manifest in reduced classroom effectiveness and diminished student engagement.

    Perhaps most concerning is the growing trend of highly qualified educators leaving the profession entirely for better-paying opportunities in other sectors. This “brain drain” from education represents a significant loss of experienced professionals who have developed valuable teaching expertise. The exodus of talented educators not only affects current students but also reduces the pool of mentor teachers available to guide and support newer colleagues, potentially impacting the professional development of future educators.

    The correlation between inflation and teacher attrition rates has become increasingly apparent, with economic factors cited as a primary reason for leaving the profession. Research indicates that districts in areas with higher costs of living and significant inflation rates experience greater difficulty in both recruiting and retaining qualified teachers. This challenge is particularly acute in urban areas where housing costs and other living expenses have outpaced teacher salary increases.

    Corporate sectors, technology companies, and consulting firms have become attractive alternatives for educators seeking better compensation and work-life balance. These career transitions often offer significantly higher salaries, better benefits packages, and more sustainable working hours. The skills that make effective teachers, such as communication, organization, and problem-solving, are highly valued in these alternative career paths, making the transition both feasible and increasingly common.

    The cumulative effect of these factors presents a serious challenge to the education system’s sustainability. As experienced teachers leave the profession and prospective educators choose alternative career paths, schools face increasing difficulty in maintaining educational quality and consistency. This situation calls for systematic changes in how we value and compensate educators, recognizing that teacher self-efficacy is intrinsically linked to their financial security and professional well-being.
