The Importance of Cyber Security in Schools

The Importance of Cyber Security in Schools

Halchax Ltd Hall: Bett Hall Stand: SM90

A successful cyber-attack can cause major damage to your organisation. As well as disrupting systems and networks, it can be expensive to fix, compromise safeguarding, seriously damage your reputation and, under the EU GDPR (General Data Protection Regulation), lead to fines. Fortunately, following some simple and low-cost steps can dramatically reduce the risk of attack, and reassure others that you take data protection seriously.

One in five schools and colleges have fallen victim to cybercrime, according to research from specialist insurer Ecclesiastical. Of those that suffered a cyber-attack, 71% downloaded malware and 50% experienced phishing attacks.

In 2020, the UK’s Department for Digital, Culture, Media and Sport conducted a Cyber Security Breaches Survey with a section focused specifically on the education sector. Its findings made for perturbing reading. The results of the survey showed that 41% of primary schools, 76% of secondary schools and 80% of further education institutions had identified at least one cyber-attack or security breach in the previous 12 months.

Hackers and cybercriminals appear to be increasingly turning away from larger organisations in favour of targeting smaller institutions – seen as low hanging fruit – that may be less well equipped to deal with a scam or hacking attempt. The fallout from a security breach can have devastating consequences for schools.

Previous attacks have resulted in significant financial losses, sensitive data on students, parents and staff being lost or published online and have even forced temporary school closures. With schools firmly in the crosshairs of cybercriminals, the importance of a secure digital infrastructure has never been greater.

One of the most effective ways to protect against cyber scammers is training staff to spot phishing attacks and malicious downloads and implementing safety checks such as 2FA (two-factor authentication) for all school systems.

Cybercriminals can embed malware in email attachments, which if downloaded can spread through a school’s network to steal confidential information and demand a ransom for its release. Phishing attacks typically involve a scammer posing as a trusted source – such as HR staff – and asking for confidential information which can then be used to access school systems.

Cybercriminals work to identify attack vectors, known as weaknesses in an organization’s digital infrastructure. School servers, if improperly maintained, can become a further vector used to infiltrate a school’s various systems. Moving from on-premises servers to a managed cloud-hosted environment can protect against these vulnerabilities by offering sophisticated safeguarding technologies and protocols that may otherwise be unaffordable to individual schools.

Managed cloud-hosted solutions include performance and security services that protect against DDOS (distributed denial of service) attacks, and web application firewalls that automatically prevent hacking attempts.

Cloud-hosted solutions also offer enterprise managed detection and response (MDR), which protects data from attacks, whilst being monitored by a team of security experts who continually pull data from servers and scan it for threats and attacks.

Another means of protecting servers involves regular server maintenance which ensures servers are running on the latest instance and prevents cybercriminals from exploiting outdated or unpatched systems. Lastly, managed services back up servers hourly, so in the event of an incident, it can be restored without losing days or months’ worth of crucial data.

Educators also need to think about the agility of their systems. If necessary, for example, in the case of a pandemic, how quickly could they switch to a model where staff and students work from home without compromising on school cyber security policies? It’s a serious consideration: If school resources were to be made inaccessible by a ransomware attack, learning could grind to a halt.

While the risks of malware and data theft are relevant to any organisation with personal data and computers, schools are particularly exposed to several other risks relating to online safety, including:

– Exposure to sexually explicit, racist, violent, and extremist content

– Inappropriate contact from people who may wish to abuse, exploit, or bully them

– Students themselves engage in harmful online behaviour

– Prioritising the physical and online safety of children continues to be a focus for schools’ leadership teams and it’s important that IT teams can review and implement changes to ensure their online safety.

Useful Resources

https://www.itgovernance.co.uk/gdpr-for-schools

https://www.itgovernance.co.uk/blog/cyber-attacks-hit-a-fifth-of-schools-and-colleges

https://static1.squarespace.com/Academy_trust_handbook_2021.pdf

Loading

Our Partners