How to protect your school from cyber attacks

After the release of the new DfE cyber security standards for schools and colleges, Hayley Dunn shares how you can make sure your school is protected from cyber attacks 

CREDIT: This is an edited version of an article that originally appeared on Association of School and College Leaders

In 2020 the National Cyber Security Centre (NCSC) issued an alert in response to further targeted ransomware attacks on the education sector by cyber criminals; this was followed by further alerts in May and June of 2021. 

Ransomware attacks have a devastating impact on schools and colleges, and it often takes considerable periods of time to restore services to usual capacity and functionality; these types of events also attract the interest of media and can become high profile.

What is ransomware?

Ransomware is a type of malware that prevents users from accessing their IT system and/or the data it holds; data is usually encrypted, but fraudsters may also delete or steal data, or make computers inaccessible. An initial attack is usually followed by a demand for payment in the form of cryptocurrency. Typically, the NCSC says fraudsters use anonymous email accounts, such as ProtonMail, to make contact – worryingly for schools and colleges, the NCSC also reports a trend in threats to publish stolen sensitive information.

Which education settings are fraudsters targeting?

The NCSC reports that since late February 2021, there has been an increased number of ransomware attacks that have affected education settings in the UK, including schools, colleges, and universities.

What should school/college leaders do if their organisation is targeted? 

It is important that senior leaders in education settings understand the nature of the threat and the potential for ransomware to cause considerable damage to their organisations in terms of lost data/access to critical services. 

On 10 October 2022 the DfE released Cyber security standards for schools and colleges; this is the second in a series of digital standards the government are releasing, aiming to improve standards of provision, safety and security.

What to do if you school or college is affected: 

• Enact your incident management plan.
• Contact the NCSC.
• Contact your local law enforcement and Action Fraud.
• Inform the Department for Education by emailing: [email protected]

The DfE advise that they support the National Crime Agency’s recommendations not to encourage, endorse or condone the payment of ransom demands; payment of ransoms is no guarantee of restored access or services, and is likely to result in repeat incidents in educational settings. 

The DfE states that it, ‘is vital that you urgently review your existing defences and take the necessary steps to protect your networks from cyberattacks. Along with your defences, having the ability to restore the systems and recover data from backups is vital. You should ask your IT team or provider to confirm that they are backing up the right data, the backups are held offline, and that they have tested that they can restore services and recover data from the backups.’

What can school/college leaders do to reduce the risk of attacks? 

The NCSC recommends what it calls a ‘defence in depth’ strategy to defend against malware and ransomware attacks. They urge all organisations to advise their IT teams to follow the advice and guidance on mitigating malware and ransomware, which provides a number of steps organisations can take to disrupt ransomware attacks and enable effective recovery. 

They also strongly advise that it is vital that organisations have up-to-date and tested offline backups. For further information, see the NCSC’s offline backups in an online world blog post as well as the NCSC’s guidance on backing up your data.

The NCSC has made two of its cyber security services, the web check and mail check, available to all and at no charge: 

• Web Check scans institutions’ websites to check for common security vulnerabilities and gives advice on how to address the most important of these. This is important because cyber criminals exploit website weaknesses to gain access to an organisation’s network and data. Web Check is easy to set up and, once you are up-and-running, the tool will regularly check your domain(s) and inform you of any problems. 

• Mail Check helps in the fight against phishing – specifically, it helps your team to set up anti-spoofing controls to stop attackers sending fake emails to students, parents, staff, etc. claiming to be from your organisation. These controls can also help reduce genuine emails going into spam folders.