Cyber Threats to Education

Cyber security is a major concern for education establishments

News of education establishments and organisations being hacked has become increasingly common, with recent examples ranging from prestigious independent schools to universities being held to ransom and forced to pay large sums to unlock files and systems, or having their students’ personal data leaked online, thus violating the Data Protection Act.

Ransomware is still on the rise

For many reasons, the education sector has become a very tempting target for ransomware criminals

Students will frequently engage in risky online behaviors that put schools at a greater risk of ransomware attacks, such as opening email attachments without caution and visiting websites that contain pirated entertainment and malware.

The highly open and interconnected nature of campuses provides multiple entry points for this malware, and once a weak link has been discovered ransomware can quickly spread from student to faculty to staff PCs and servers.

Some institutions have found it increasingly difficult to fund IT security investments due to the cost constraints. Unfortunately, the education sector still falls far behind industries such as finance, retail, and healthcare in terms of the resilience of its technology infrastructure.

How Ransomware works

Ransomware is a type of malicious software (malware) that infects computer servers, desktops, laptops, tablets, and smartphones, infiltrating via a variety of mechanisms and frequently spreading laterally across a campus from one device to the next. When a virus infects a system, it quietly encrypts every data file it finds before displaying a ransom note to the user for a decryption key.

Education establishments face either having to pay the ransom or rebuilding systems and hoping that they can restore important data using backups. Often putting education establishments in a position where paying the ransom seems the easiest and cheapest way to regain access to their files.

Education an attractive target

School systems contain an abundance of student and staff data that is valuable and coupling this with lean staffing levels, makes them an attractive target for those seeking access and information.  In addition, prestigious independent schools and universities are being targeted by criminals looking to capture information belonging to children of those with high net worth and influence.

In recent incidents affecting the education sector, ransomware has resulted in the loss of student coursework, school financial records, and even COVID-19 testing data.

Modern networks must be resistant to modern threats. Bursars, shareholders and IT staff should be worried about network security, such as the separation of curriculum networks from administrative networks. The loss of sensitive data belonging to children and their families, as well as school financial data, interim unpublished results of inspections, HR issues with existing or past staff etc. may have a catastrophic impact for the individuals and schools alike, with both financial and legal ramifications for failure to comply with legislation.

FREE CONSULTATION

Worried about cyber security threats to your education establishment and the potential damage and disruption it may cause? 

Please leave a few contact details and one of our Trusted Advisors will get back to you. Or call us to speak with someone immediately:

+44 845 257 5903

secure@infosecpartners.com







    Infosec Partners has helped education establishments, from the most prestigious independent schools & colleges to the country’s top universities, to successfully develop robust security strategies and manage Safeguarding.

    Listening to Heads and Bursars, Teachers, Students and Parents, we designed a portfolio of cybersecurity services specifically for schools. Infosec Partners helps schools understand the new threats facing them and teaches them how to take control of information and security, staying compliant, managing budgets and risks.

    Resources