The prevalence and sophistication of cyber-attacks are increasing all the time. With this is mind, we caught up with Neil Watkins, managing director of Think IT, on how schools can best protect their systems from being breached
The threat of a cyber-attack is prevalent within business, especially for larger companies which may have a lot of data and its reputation to protect. If you Google ‘cyber-attack’ multiple stories from the last week are bound to come up, highlighting the real danger of such attacks for every company; as we all know, it is no longer a question of if, but when. And this is now where the focus lies; to be fully protected, cyber-security systems need to know the moment there is a breach and to shut the network down immediately.
However, when it comes to the education sector, there is a misconception that schools are not as vulnerable to attacks as those in the corporate sector. This is simply not true. Schools need to be adequately prepared for a security attack. The government certainly recognises this with its 2016 green paper on the Industrial Strategy which introduced funding to schools for cyber-security.
Schools may be right to think that the likelihood of an external attack presents a lower risk than in the business sector, but they should also be cautious because there is a possibility that data breaches can actually happen from staff, or even students.
Despite thinking that primary — or even secondary — students couldn’t possibly pose a threat, it’s becoming a reality that children are gaining the skills, the time and the access to systems, and this could have a significant impact on the whole school.
We work with schools on a regular basis to ensure that they are compliant, are taking effective steps to minimise the chances of a breach and, if such a thing were to happen, to minimise the damage this could cause.
A coherent IT strategy
In order for IT and technology in a school to work effectively, clear communication and a proactive strategy must be in place, and revisited each year. No matter how big a school is, it’s essential that the IT team have a strategy in place in for when a cyber-attack happens.
The first step would be to ensure that IT tests, and the monitoring of tech, are carried out regularly. Identifying key information that could be at risk — such as pupil data and banking information — and assessing the risk of exposure, will prepare the team to take effective steps to further neutralise the risk.
Tools to help the process
There are plenty of tools out there to support schools. For example, I would recommend schools carry out ‘penetration testing’ to really assess how easily the system can be attacked. This involves professionals assuming the role of hackers and testing how vulnerable the system is to attack. It also provides them with the opportunity to discover hidden weaknesses in systems, and the applications on each device, which could be ‘blind’ to the average computer user.
The problem is that a method such as this costs money — and schools with tight budgets struggle to afford it, despite the very strong arguments for doing so. I would recommend that all schools invest in doing this once, so they really know the status of their IT and can build an effective foundation which could, potentially, save money – and reputation — down the line. Once the test is in place, the necessary investment to keep things updated is easier to budget for.
Communication with staff
It’s also important to have clear communication set out with staff about their responsibilities in relation to technology. Teachers are essential to ensuring the risk of an attack is minimised as they are responsible for data and passwords for each device and computer in the classroom. With this said, it is also a good idea to establish a clear, annual training plan to keep staff members up-to-date with any changes in the school, such as new software being used or government policy changes.
The need for internet security is continuing to grow and schools must ensure that they are protected and compliant. We recommend that schools get ahead of the game now to install firm foundations on which to build future protection; we, in the education sector, need to act now to create safer online environments for the whole school.