top of page
  • Writer's pictureJared Thompson

Education Providers need to review their existing Cyber Security Processes

Education institutions are seen as easy prey to a growing number of cyber-criminals. We’ve already seen the National Cyber Security Centre (NCSC) warn of a spike in the targeting of schools, universities and colleges again in March of 2021.

Back in August, the Department for Education and the Government’s cyber-security arm became so concerned that they alerted schools about the importance of putting adequate measures in place.

A DfE circular warned schools of the increasing number of cyber-attacks involving ransomware affecting the education sector and advised schools to take up an urgent review of existing defences to protect their networks.

What can schools do about being soft targets for cyber-criminals?

Unlike many big institutions such as banks or big businesses, we understand that education establishments do not have large budgets to protect their networks and invest in training their staff. Like many businesses, they are unaware of how important it is for them to make backups of their data. Backups are just as vulnerable to ransomware if they aren’t being stored separately from the network where live data is.

  • Clickjacking — tricking users into clicking on something other than what they think they are — is the most common form of hacking in education, at 66%.*

  • Seven in every 10 workers in the education and training sector claim they have not been trained sufficiently against cyber threats.*

*Taken from a recent report by Specops.

Cybercriminals will demand money in exchange, not for valuable they perceive your data to be worth, but for you to regain operational capability. Without the right protection, a school can find that regaining operational capability can take days or weeks to get back to working normally again.

With the NCSC’s recent notification, schools, colleges and universities continue to be targeted by cybercriminals. Schools are left with no doubt that they need to take cyber security seriously and take immediate action to ensure their IT systems are adequately protected.

The rise in people using laptops remotely, thanks to remote working and teaching during the pandemic, has led to unsecured networks, which have caused major issues for IT departments.

The most sinister development that schools need to avoid at all cost is that hackers are looking to gain access to a school’s network to encrypt their backups.

For this reason, onsite backup servers have become major targets for cyber-criminals trying to ensure a ransom is paid. If your backups are on the same network as live data and a ransomware infection take hold, all data on that network, including backups, are susceptible to becoming infected.

The ransomware can be stopped if an offsite backup that has been encrypted at the source is protected because it’s held separately from the network where live data is.

What can schools do to protect themselves?

The NCSC urges all education providers to review their existing defences immediately:

  1. Backing up your data.

  2. Holding backups separately from the network where live data is stored.

  3. Regular testing to ensure all data can be recovered successfully.

The ability to recover data quickly

It’s not just single files; all data will be corrupted if a school is infected by a ransomware attack.

Recovering all data promptly after a ransomware attack is imperative to maintain lessons (malware can stop teachers and students from access to online education materials).

Having backups stored securely in geographically separate data centres ensures an air gap between live data and the backup. And make sure you’ve encrypted data before it is sent to a data centre means a malicious file is unable to execute and cannot compromise your backups.

Complying with GDPR

Recovering data can be a hugely time-consuming, if not impossible, task, but that is not the only problem for a school that has been hit by a ransomware attack.

There is also the hurdle of avoiding financial penalties at the hands of the Information Commissioners Office for falling foul of the Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation (GDPR).

Article 32 of the GDPR clearly states that organisations must ‘restore the availability and access to personal data promptly in the event of a physical or technical incident’.

The keywords in this guidance are ‘timely manner. Implementing a solution that would take days or weeks to recover data is unsuitable.

Backing up with Redstor

Our national Cyber Resilience Centre partners Redstor utilise Insight and industry-leading reporting to ensure all correct data is backed up. They work to protect the data in more than 12,000 educational establishments nationwide.

Redstor does not require hardware on-site; they use an archiving feature that frees up primary storage space by offloading rarely accessed data to the cloud, avoiding further hardware investment. Learn more here.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page