The pandemic has had a devastating effect on almost every facet of society – arguably none more so than the education sector. Aside from the countless lost hours of invaluable face-to-face class time, a less spoken about consequence has been the increase in cyber-attacks on schools and their security systems
From 2019 to 2020 the National Crime Agency (NCA) reported a 100% rise in distributed denial-of-service (DDoS) attacks, which are malicious attempts to disrupt a server; perhaps just as worrying were the NCA findings that these attacks are being committed by children as young as nine-years-old.
One of the most common types of cyber-attacks on school systems is phishing – which tricks a user into clicking on a link, or responding to an email, believed to be from a trusted source; this often takes the form of requesting sensitive information such as passwords or bank account details.
School data is extremely sensitive information, and any compromise could put those in your care at risk – not to mention the potentially irreversible damage to your school’s reputation.
Numerous factors are believed to have contributed to the rise in attacks like phishing, including the overuse of unprepared school services and distracted and overworked IT staff. Not only do such incidents risk of the loss of sensitive information; there are also economic costs to these breaches. The average data leak costs an organisation close to £3m, and the education sector has been targeted more than others by hackers over the past two or three years.
How can schools limit or stop these attacks?
There are a few key steps a school can take to keep their people and their data safer.
1 Put in place preventative measures
Addressing the issue at the earliest point is the most effective way to limit the impact of cyber-attacks. Prevention methods will also be the most cost-effective choice, limiting long-term damage and any potential fines which may be imposed as a result of a breach.
As with many issues, the solutions may lie in the education of both students and staff. Children should be taught about the potential impact of digital misuse, both personally and for their school. The National Crime Agency is in the process of launching new initiatives to show to students deemed to be at risk of committing cyber-crime – educational messages which may help to prevent future attacks. According to the deputy director of the NCA’s National Cyber Crime Unit, John Denley, “Law enforcement plays a critical role in tackling cyber-crime and keeping the country safe. School outreach is important for educating a younger audience”.
But education should not stop with pupils. All staff, not only those in the IT department, should be trained in how to spot and prevent potential issues. The governing body, including school business leaders, should ensure their school’s cyber-security is given sufficient funding and protects all involved.
Training is particularly effective in defending your school against phishing and other email scams. The Metropolitan Police’s Little Book of Cyber Scams 2.0 recommends implementing certain types of training, including how to check a sender’s email address and authenticating payment requests.
Mitigation should be in place for all users to ensure data is best protected. Social media, for example, poses a great risk and everyone at the school should be aware of the dangers of sharing certain posts and topics.
Defending your school from cyber-attacks can be expensive, though affordable and effective solutions and systems are available. A basic security measure is password protection; all school systems and computers should be safeguarded by an appropriate and secure password policy.
2 Detection and disruption
Digital crime is always adapting and becoming more intelligent; in order to combat this, your school’s security software should be checked and tested regularly to manage any new issues or vulnerabilities.
Schools must establish an extensive, multi-layered, system of defence. This should include a web proxy to handle site traffic, web-filtering to limit access, and a firewall policy to block certain downloads or domains.
NCSS advice is to have constant security monitoring of unexpected or unidentified activity and an appropriate management plan in place, if or when an attack is initiated.
Cyber-attacks remain a major issue and potentially disastrous for all schools across the UK. Schools need to act and check if their security systems are sufficient and, if not, to act accordingly to prevent, detect and disrupt the rise in digital attacks.
Be the first to comment