A Cyber Security in UK schools report showed that 17% of schools reported a cyber attack; ransomware was the most common of these attacks (48%).
This report carried out by SWGfL, in partnership with the University of Kent and supported by Bitdefender, showed that schools need to develop a strategy to protect against the effects of a ransomware attack. Key to this is regular Security Awareness Training, regular backup/recovery processes and a Cyber Incident Plan when faced with an attacker.
What is Ransomware?
Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or tricking somebody into installing malware via a phishing email.
Cyber Security in Schools
The report showed that schools aren’t aware of the risks, A further 31% of respondents said that they do not have an IT security policy in place, so they were unaware of the dangers that might affect their data and assets.
You must keep your school secure by implementing cyber security, password, social media and working from-home policies but also give staff regular security awareness training.
Whilst basic knowledge of cyber security should be expected from all your staff, it’s important to implement cyber security training as a business. You should increase the activity level with specific guidance on the types of attacks schools are more likely to face.
We know that Schools, Colleges and universities must stay protected against ransomware - cyber attackers often strike during busy exam weeks and when students are given exam results. This is to cause maximum disruption to your systems to encryption large volumes of data and make you more likely to pay the ransom demand to get this data back at such an important time of the year.
Nurseries and Childminders are also appealing targets for Cyber-Attackers, with one in four nurseries having experienced a data breach in the last 12 months.
How does a Ransomware attack disrupt schools?
In June of 2021, the Evening Standard reported that two schools in Kent were forced to send pupils home and shift to remote teaching. This is after hackers broke into servers and encrypted sensitive information on pupils. The academy was forced to send out communications urging parents to contact their banks to inform them that personal details could have been stolen.
⚠️ Just four in ten primary schools have given staff Security Awareness Training in the last 12 months. ⚠️
You must implement cyber security training when onboarding new staff and then follow this training up throughout the school year.
How can the Cyber Resilience Centre help schools?
Headteachers, Directors, Staff and IT leaders working in schools and academies can sign up for our free membership and download our Cyber Incident Plan to start their journey to stay protected against the most common cyber threats, such as phishing and ransomware attacks. Larger academies can also open discussions with us to invest in your staff and take advantage of our affordable cybersecurity services.
This includes security awareness training, vulnerability assessments and simulated phishing attacks. Investing in our services and guidance can inform your cyber security strategy and save you money in the long term.
My school has been the victim of a cyber attack. What do I do?
If you are dealing with a live cyber attack, call Action Fraud at 0300 123 2040
When reporting a cyber attack which isn't ongoing, head to Action Fraud and their online reporting tool
When you report a fraud to Action Fraud, you are given a police crime reference number, and your case will be referred to the National Fraud Intelligence Bureau (NFIB), which is run by the police.
