Search

Schools, colleges and universities: stay protected against ransomware

It may feel like we’re beating the same drum over and over again with our recent focus on cyber criminal activity involving the education sector, but we wouldn’t keep banging that drum without good reason.



Cyber attacks against the education sector have significantly increased over the last 18 months. We've seen attacks on colleges, universities, primary schools and secondary schools nationwide, and here in the East Midlands.


These attacks have impacted schools in various ways, with some schools facing tougher repercussions than others, from having to delay the start of term, to huge data breaches.


Typically, the type of cyber attack that schools are facing is ransomware - malicious software designed to block access to computer systems and encrypt your data until a ransom is paid.


Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or by tricking somebody into installing it via phishing emails.




Why do criminals target the education sector?


Cybercriminals are deploying ransomware to encrypt your sensitive data, as it will have the biggest impact on your services. This can affect staff and students’ access to computer networks, as well as services including email systems, payment systems, phone applications and websites.


Every school holds valuable information just like any business; student medical records, parents contact details, bank details, exam grades and teachers’ personal information. This information is valuable to the criminals behind the attack, as they can publicly leak the data online or sell the data to cybercriminal forums and dark web marketplaces for additional revenue.


How can I protect my organisation from a ransomware attack?


  • Always back up your data, restoring files from a backup is the quickest way to regain access to your data.

  • Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

  • Have your IT department regularly scan emails and systems for malware.

  • Only download files from trusted sites - this includes applications for phones and tablets.

  • If you are using public Wi-Fi, always use a VPN.

  • Do not plug in unfamiliar USB devices.


How can the East Midlands Cyber Resilience Centre help my school?


To help the education sector outsmart cybercriminals and toughen up your cyber security, we can provide businesses and organisations with guidance to help improve cyber resilience.


We encourage schools, colleges and universities in the East Midlands to sign up for our free core membership and to download practical resources and tools that will help you identify your risks and vulnerabilities. Through our membership, you will also get regular updates on new threats and can train your staff and help them to integrate security measures into your organisation.


We also host webinars, bringing in key speakers from the world of cybercrime, be that police, local authority or subject matter experts. These hour-long webinars are aimed at both teachers and school IT departments and contain a myriad of important guidance, advice, techniques and case studies, with a focus on making your school more resilient.


Join our free core membership, and follow us on Twitter and Linked In to find out when the next webinar is.

Further reading

Have a read of these case studies below...




Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.