Security is a major concern
Cyber security is now a major concern for education. News of organisations being hacked becomes ever more commonplace and recent examples have shown prestigious independent schools to universities being held to ransom and having to pay to unlock files and systems, or having the personal data of their pupils leaked online thus falling foul of the Data Protection Act.
Ransomware is still on the rise
Fraudsters have been cold calling UK education establishments resulting in ransomware attacks. There have been several instances on fraudsters posing as being from the Department of Education, the Department for Work and Pensions, or telecoms providers. The head teacher, financial administrator receive emails with attachments purporting to be anything from exam guidance forms to mental health assessments. On opening the attachments, ransomware is activated encrypting files and systems which attackers hold to ransom. The recent spate of ransomware attacks have seen an average pay off of around £8000 each, with schools either having to pay the ransom or rebuilding systems and hoping that they can restore anything important using backups.
Education an attractive target
School systems have much student and staff data that are valuable and coupling this with lean staffing levels, makes them an attractive target for those seeking access and information. In addition, prestigious independent schools and universities are also targeted by criminals looking to capture information belonging to children of those with high net worth and influence.
Modern networks must be resistant to modern threats. Bursars, shareholders and IT staff should be worried about network security, such as the separation of curriculum networks from administrative networks. The loss of sensitive data belonging to children and their families, as well as school financial data, interim unpublished results of inspections, HR issues with existing or past staff etc. may have a catastrophic impact for the individuals and schools alike, with both financial and legal ramifications for failure to comply with legislation.