Cyber security is now a major concern for education. News of organisations being hacked becomes ever more commonplace and recent examples have shown prestigious independent schools to universities being held to ransom and having to pay to unlock files and systems, or having the personal data of their pupils leaked online thus falling foul of the Data Protection Act.
Ransomware is still on the rise
Fraudsters have been cold calling UK education establishments resulting in ransomware attacks. There have been several instances on fraudsters posing as being from the Department of Education, the Department for Work and Pensions, or telecoms providers. The head teacher, financial administrator receive emails with attachments purporting to be anything from exam guidance forms to mental health assessments. On opening the attachments, ransomware is activated encrypting files and systems which attackers hold to ransom. The recent spate of ransomware attacks have seen an average pay off of around £8000 each, with schools either having to pay the ransom or rebuilding systems and hoping that they can restore anything important using backups.
Education an attractive target
School systems have much student and staff data that are valuable and coupling this with lean staffing levels, makes them an attractive target for those seeking access and information. In addition, prestigious independent schools and universities are also targeted by criminals looking to capture information belonging to children of those with high net worth and influence.
Modern networks must be resistant to modern threats. Bursars, shareholders and IT staff should be worried about network security, such as the separation of curriculum networks from administrative networks. The loss of sensitive data belonging to children and their families, as well as school financial data, interim unpublished results of inspections, HR issues with existing or past staff etc. may have a catastrophic impact for the individuals and schools alike, with both financial and legal ramifications for failure to comply with legislation.
Worried about threats to your cybersecurity and the potential damage and disruption? Just let us know how we can contact you and one of our Trusted Advisors will be in touch.
Or call us to speak with someone immediately: +44 845 257 5903
We look forward to speaking with you soon.
Attackers have identified schools as “low-hanging fruit” because they are often ill-equipped to spot signs of cyber fraud. Criminals have become increasingly sophisticated in their approach, making the threat of a cyber-attack less apparent. By using publicly available information, often from organisations’ websites and social media, criminals can gain the trust of unsuspecting staff members, increasing the chance that a harmful email attachment would then be opened from someone purporting to be a legitimate sender.
The Teacher's Portal
Infosec Partners has helped education establishments, from the most prestigious independent schools to the country’s top universities, to successfully develop robust security strategies and manage Safeguarding.
Listening to Heads and Bursars, Teachers, Students and Parents, we designed a portfolio of cybersecurity services specifically for schools. Infosec Partners helps schools understand the new threats facing them and teaches them how to take control of information and security, staying compliant, managing budgets and risks.
PDF: Schools & Cyberfraud
VIDEO: Ransomware targeting schools
PDF: KCSIE 2016
PDF: Compliance with the Prevent Duty
PDF: Article - Who Cried Wolf?
Copyright © Infosec Partners Group 2004 - 2018. All rights reserved - CALL : 0845 257 5903 or +44 (0)1256 893662 - EMAIL : firstname.lastname@example.org