BEYOND FILTERING

  • Traditional Filtering is Not Enough
  • Updated Legislation and Standards means Tougher Controls
  • Active Monitoring and Behaviour Tracking required
  • Increase Security and Enable Compliance with XFilter solutions

FILTERING IS NOT ENOUGH

Traditional web filters are point-in-time comparisons to a categorised list of websites. Whilst this prevents users from seeing inappropriate material, they ignore the bigger threat of internal hacking or theft of personal information.

The Prevent Duty and Online Safety

The Counter-Terrorism and Security Act, passed in 2015, contains a duty (known as the Prevent duty) which means that schools, childcare providers and further education establishments, along with prisons, local authorities and NHS trusts, are under a legal obligation to “have due regard to the need to prevent people from being drawn into terrorism”, with teachers and staff responsible for identifying signs that children might be vulnerable to radicalisation.

Going Beyond Blocking & Filtering

Schools and other education establishments have been predominantly focused on filtering website content and blocking website categories in an attempt to satisfy duty of care requirements around online safety and cyber bullying. However the Keeping Children Safe in Education guideline (KCSIE) which was updated in September 2016, actually warns of the risk of over-blocking leading to “unreasonable restrictions as to what children can be taught with regards to online teaching and safeguarding.”

With the enhanced auditing requirements needed to meet KCSIE and the Prevent Duty, schools now have to look much deeper into internet and social media traffic to identify potential children at risk.

XFilter solutions by Infosec Partners allow you to move beyond simple blocking and filtering to provide increased security, enable compliance and enhance your Safeguarding abilities.

FREE CONSULTATION

Get expert guidance on going beyond traditional filtering.

Please leave a few contact details and one of our Trusted Advisors will get back to you. Or call us to speak with someone immediately:

We look forward to speaking with you soon.

+44 845 257 5903

secure@infosecpartners.com







Benefits

  • Improve security by blocking access to malicious and risky websites.
  • Prevent malware downloads from malicious or hacked websites.
  • Keep your defence current with automatic intelligence tools, targeted threat analysis, and continuous updates.
  • Control access through policy-based controls with highly granular blocking and filtering.
  • Lowers your entry and maintenance costs through device-based licensing
  • An ‘anti-stalking’ component that performs checks to see if the user is being targeted online.
  • Retrospective alerting if users visit sites that are allowed but that site then proves to be compromised soon after, users may be compromised.
  • Xfilter provides advanced correlation of visits and users historical data not just point in time.
  • Protect from sensitive information leaking onto the internet (data leak prevention) Flexible network, device and user based protection.
  • Customise your implementation with the flexibility of both push and pull update options.
  • Meet compliance requirements for KCSIE, Prevent, CIPA, BECTA.

Infosec Partners has helped education establishments, from the most prestigious independent schools & colleges to the country’s top universities, to successfully develop robust security strategies and manage Safeguarding.

Listening to Heads and Bursars, Teachers, Students and Parents, we designed a portfolio of cybersecurity services specifically for schools. Infosec Partners helps schools understand the new threats facing them and teaches them how to take control of information and security, staying compliant, managing budgets and risks.

Resources

Schools & Compliance

Security is a major concern

Cyber security is now a major concern for education. News of organisations being hacked becomes ever more commonplace and recent examples have shown prestigious independent schools to universities being held to ransom and having to pay to unlock files and systems, or having the personal data of their pupils leaked online thus falling foul of the Data Protection Act.Ransomware is still on the rise

Fraudsters have been cold calling UK education establishments resulting in ransomware attacks. There have been several instances on fraudsters posing as being from the Department of Education, the Department for Work and Pensions, or telecoms providers. The head teacher, financial administrator receive emails with attachments purporting to be anything from exam guidance forms to mental health assessments. On opening the attachments, ransomware is activated encrypting files and systems which attackers hold to ransom. The recent spate of ransomware attacks have seen an average pay off of around £8000 each, with schools either having to pay the ransom or rebuilding systems and hoping that they can restore anything important using backups.

Education an attractive target

School systems have much student and staff data that are valuable and coupling this with lean staffing levels, makes them an attractive target for those seeking access and information.  In addition, prestigious independent schools and universities are also targeted by criminals looking to capture information belonging to children of those with high net worth and influence.

Modern networks must be resistant to modern threats. Bursars, shareholders and IT staff should be worried about network security, such as the separation of curriculum networks from administrative networks. The loss of sensitive data belonging to children and their families, as well as school financial data, interim unpublished results of inspections, HR issues with existing or past staff etc. may have a catastrophic impact for the individuals and schools alike, with both financial and legal ramifications for failure to comply with legislation.

 

Free Consultation

Worried about threats to your cybersecurity and the potential damage and disruption? Just let us know how we can contact you and one of our Trusted Advisors will be in touch.

Or call us to speak with someone immediately: +44 845 257 5903

We look forward to speaking with you soon.

[consultation_form]

Schools are low-hanging fruit

Attackers have identified schools as “low-hanging fruit” because they are often ill-equipped to spot signs of cyber fraud. Criminals have become increasingly sophisticated in their approach, making the threat of a cyber-attack less apparent. By using publicly available information, often from organisations’ websites and social media, criminals can gain the trust of unsuspecting staff members, increasing the chance that a harmful email attachment would then be opened from someone purporting to be a legitimate sender.

The Teacher’s Portal

Recent cyber attacks on schools:

Janet, a research and educational network in England, has been the victim of several denial-of-service attacks over the last year. Janet connects the networks of 19 different regional universities. The sophisticated attacked rippled through these networks, resulting in degradation to network services and performance.
US universities Rutgers, Arizona State, and University of Georgia have all experienced denial-of-service attacks over the last year. These attacks have caused a number of issues resulting in delays during registration and final exams. These attacks completely  completely saturate the network, preventing students from being able to connect to the network.
A Vancouver high school suffered network service degradation following a student successfully compromising their teacher’s email account and began spamming out emails in bulks to a list of over 50,000 email addresses. This action of spamming slowed down the school’s network operation. The student was expelled.
A 15-year-old in Australia is facing 10 years in jail for launching one of the largest DDoS attacks in the country’s history. The attack was so large that around 10,000 customers for the local ISP NuSkope were also affected. This attack was directed at a number of targets including Reynella East College. The attacker said that he launched the assault as a test.
One in three universities in the UK face cyber attacks on an hourly basis, with exam and dissertation results targeted alongside personal data and research.
A college in India was hacked and defaced by a group named Pak Cyber Attacker. The attack was launched against both the official website of Utkal University and the e-admissions page. At the time of this report, the e-admissions page was not accessible.
A 16-year-old student in Japan downloaded an attack tool to his desktop and carried out an attack on the Osaka Board of Education server, resulting in 444 elementary, junior highs, and high school websites being knocked offline. He was monitoring the attack from his cellphone and expressed that he wanted to join Anonymous, the worldwide hacktivist group. This student ultimately launched this attack due to his frustration with his school teachers.
Action Fraud, the UK’s cybercrime and fraud reporting centre, has issued an alert to warn teachers of the dangers posed by cold-callers posing as officials from the “Department of Education”. Fraudsters ask to be given the personal email or phone number of the head teacher, claiming that they need to send over sensitive guidance about mental health or exams which cannot be sent to a generic school account – the emails sent are loaded with ransomware.
Infosec Partners has helped education establishments, from the most prestigious independent schools to the country’s top universities, to successfully develop robust security strategies and manage Safeguarding.

Listening to Heads and Bursars, Teachers, Students and Parents, we designed a portfolio of cybersecurity services specifically for schools. Infosec Partners helps schools understand the new threats facing them and teaches them how to take control of information and security, staying compliant, managing budgets and risks.