Cyber Security Guidance for
the Education Sector
How do we support the Education Sector?
Now more than ever, schools are relying on their online IT and ed-tech services to help with teaching and admin tasks. Your staff can play a key role in being the front line in keeping these IT services (and the information they access) secure and available.
Schools, Universities and Colleges (much like businesses) are increasingly reliant on IT and technology. Falling victim to a range of cyber activities aimed to cause harm and long-term damage. As the threat to the education sector increases, losing access to technology or suffering a data breach through a cyber attack can be devastating. Both to your reputation and your long-term future.
We know that not all teachers and support staff are very knowledgeable when it comes to cybersecurity. But we know that the appetite to learn through staff training, and new resources helps bridge this knowledge gap.
At the North West Cyber Resilience Centre, we want to help all the Schools, Universities and Colleges in the North West to feel better armed to face the challenges that arise from rapid technological advancement. We can't guarantee protection from all types of cyberattacks, but following our guidance (and from the NCSC) will significantly increase your protection from the most common types of cybercrime.
If you would like to stay up to date against the latest threats, please sign up for our membership.
How big a problem is cybercrime for the education sector?
Cyber-attacks affect school, colleges and universities of all sizes across the UK.
63% of Secondary Schools and 82% of further education colleges identified breaches or attacks in the last 12 months.
86% of Secondary Schools and 92% of further education colleges experienced a phishing attack, according to the 2023 CSBS Survey.
What are the top 3 threats that the education sector is facing?
01 / PHISHING
Phishing involves criminals sending un-targeted, mass emails to many people asking for sensitive information (such as login details) or encouraging them to visit a fake website.
02 / IMPERSONATION
Impersonation can include fraudsters pretending to be your business by hijacking your invoices and contacting your customers in order for them to be paid instead of you.
03 / RANSOMWARE
Ransomware (including Malware) is malicious software that can damage your network, make your systems unusable or encrypt your data until you make a payment to the cyber criminals.
What services do the Cyber Resilience Centre offer?
We can provide a range of affordable, professional cyber security services that help your organisation assess, build and manage your cyber security capabilities, build confidence in your staff, understand your vulnerabilities and secure your organisation.
As a school, college or university, you will regularly store, manage, and oversee valuable personal and financial data from students, suppliers and staff. You’re entrusted with sensitive data, so you need to be aware of the latest cyber-related risks and cyber-attacks.
We can perform a comprehensive review of publicly available information about your organisation. This can help you learn what is being said about you online, what details or passwords have been leaked or if there are any damaging news stories or social media posts.
It's important you test your IT system configuration with a vulnerability assessment, this assessment uses the same techniques used by hackers to ensure your organisation is not wide open to a cyber attack.
We have designed a Cyber Health Check to provide you with a summary of your cyber risks through a self-assessment questionnaire and police-certified recommendations report and action plan.
Do you have a Cyber Incident Response Plan?
We have created a Cyber Incident Response Pack, which contains documents to help support your organisation's plan for its response to a cyber incident.
These documents are designed to complement any existing plans or assist you in creating one.
The Incident Response Pack includes:
Incident Guide Introduction
Prepare Your Business Checklist
Emergency Contact List Template
Incident Response Communications
Legal Implications of a Cyber Incident
Is it time for your Cyber Health Check?
Our Cyber Health Check provides you with a summary of your Cyber Risks and an action plan which will help protect you against the latest cyber threats.