Cyber Security Awareness in the Education Sector
In light of multiple attacks against colleges in Greater Manchester and the North West, the Cyber Resilience Centre is launching a campaign to help raise cybersecurity awareness and resilience within the education sector.
In August 2020 (GCSE results day), Myerscough College was one such college who were targeted by a ransomware attack. This attack meant students could not access their GCSE results at a vitally important part of their summer. Lancashire Police approached the CRC to help with the data recovery, and we referred Myerscough College to our former Cyber Essentials Partner SaaSAge. They then helped get the college back online following the attack.
As an education body, what are the questions you should ask yourself regarding Cyber Security?
Are all your staff members trained in cybersecurity?
If the answer to this question is no, steps should be taken to rectify this.
Staff members act as your strongest defence against cyberattacks. Unfortunately, without training, they can also be your biggest frontline risk. Thousands of pounds can be spent implementing sophisticated security software, but if your staff cannot recognise phishing emails, that is by far the easiest way in for attackers to gain access to your systems.
We provide Security Awareness Training that can be delivered virtually to all staff members. The training covers various cybersecurity subjects, from passwords and phishing to spoofed websites and multi-factor authentication. We ensure that our training is broken down into easy-to-understand snippets to help increase your awareness of the threats your organisation may have to face.
Each session is fully tailored to our audience and can be designed to be delivered at all organisational levels to any number of employees.
Do your Principles, Governors and Heads of Departments understand spear phishing, whaling and their digital footprint?
Cybercriminals use spear-phishing and whaling to directly target individuals by pretending to know them. This is done by gathering as much freely available information as possible about the individual from the internet. It is often quite shocking how much information is available and how successful these attacks are.
We offer both corporate and individual internet investigations; these simulated reconnaissance exercises focus on an individual or individuals within your organisation. We investigate all aspects of their internet footprint and produce attack methodologies based on our findings. This method simulates what an attacker would do when trying to compromise an individual and the sites they use online.
Why do you need Cyber Essentials?
Cyber Essentials is already mandatory for all further education providers, with Cyber Essentials Plus now mandatory for the 2021/22 academic year.
Cyber Essentials is an independently verified self-assessment certification which gives your business protection against the most common cyber attacks. Cyber Essentials Plus is similar, but it involves an independent external certified body who performs a technical audit of your systems.
What are the Benefits?
Increase credibility and reputation by showing you take security and data protection seriously.
Certification includes automatic cyber liability insurance for any organisation who certifies their whole organisation and have less than £20m annual turnover (terms apply).
Save money - data breaches can cost small/medium companies £50,000 - £150,000.
We've launched a dedicated area of resources to support the education sector, following our guidance (and guidance from the NCSC) will significantly increase your protection from the most common types of cybercrime.