It may feel like we’re beating the same drum over and over again with our recent focus on cyber criminal activity involving the education sector, but we wouldn’t keep banging that drum without good reason.
Cyber attacks against the education sector remain a major problem. We've seen attacks on colleges, universities, primary schools and secondary schools nationwide, and here in the East Midlands.
These attacks have impacted schools in various ways, with some schools facing tougher repercussions than others, from having to delay the start of term, to huge data breaches.
Typically, the type of cyber attack that schools are facing is ransomware - malicious software designed to block access to computer systems and encrypt your data until a ransom is paid.
Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or by tricking somebody into installing it via phishing emails.
Why do criminals target the education sector?
Cybercriminals are deploying ransomware to encrypt your sensitive data, as it will have the biggest impact on your services. This can affect staff and students’ access to computer networks, as well as services including email systems, payment systems, phone applications and websites.
Every school holds valuable information just like any business; student medical records, parents contact details, bank details, exam grades and teachers’ personal information. This information is valuable to the criminals behind the attack, as they can publicly leak the data online or sell the data to cybercriminal forums and dark web marketplaces for additional revenue.
How can I protect my organisation from a ransomware attack?
Always back up your data, restoring files from a backup is the quickest way to regain access to your data.
Never click on unverified links, especially when they are from sources or senders that you don’t recognise.
Have your IT department regularly scan emails and systems for malware.
Only download files from trusted sites - this includes applications for phones and tablets.
If you are using public Wi-Fi, always use a VPN.
Do not plug in unfamiliar USB devices.
How can the East Midlands Cyber Resilience Centre help my school?
To help the education sector outsmart cybercriminals and toughen up your cyber security, we can provide businesses and organisations with guidance to help improve cyber resilience.
We encourage schools, colleges and universities in the East Midlands to sign up to our community and to download practical resources and tools that will help you identify your risks and vulnerabilities.
Through our community, you will also get regular updates on new threats, and you can train your staff to integrate security measures into your organisation via Security Awareness Training - an affordable service that trains staff to become a barrier against common cyber threats.
If you have any questions about how we can help your school, college or university, please get in touch with the team.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).