In 2020, the UK’s Department for Digital, Culture, Media and Sport conducted a Cyber Security Breaches Survey with a section focused specifically on the education sector. Its findings made for perturbing reading. The results of the survey showed that 41% of primary schools, 76% of secondary schools and 80% of further education institutions had identified at least one cyber-attack or security breach in the previous 12 months.
Hackers and cybercriminals appear to be increasingly turning away from larger organisations in favour of targeting smaller institutions – seen as low hanging fruit – that may be less well equipped to deal with a scam or hacking attempt. The fallout from a security breach can have devastating consequences for schools.
Previous attacks have resulted in significant financial losses, sensitive data on students, parents and staff being lost or published online and have even forced temporary school closures. With schools firmly in the crosshairs of cybercriminals, the importance of a secure digital infrastructure has never been greater.
One of the most effective ways to protect against cyber scammers is training staff to spot phishing attacks and malicious downloads, and implementing safety checks such as 2FA (two-factor authentication) for all school systems.
Hackers and cybercriminals appear to be increasingly turning away from larger organisations in favour of targeting smaller institutions
Cybercriminals can embed malware in email attachments, which if downloaded can spread through a school’s network to steal confidential information and demand a ransom for its release. Phishing attacks typically involve a scammer posing as a trusted source – such as HR staff – and asking for confidential information which can then be used to access school systems.
Cybercriminals work to identify attack vectors, known as weaknesses in an organisation’s digital infrastructure. School servers, if improperly maintained, can become a further vector used to infiltrate a school’s various systems. Moving from on-premise servers to a managed cloud-hosted environment can protect against these vulnerabilities by offering sophisticated safeguarding technologies and protocols that may otherwise be unaffordable to individual schools.
Managed cloud-hosted solutions include performance and security services that protect against DDOS (distributed denial of service) attacks, and web application firewalls that automatically prevent hacking attempts.
Cloud-hosted solutions also offer enterprise managed detection and response (MDR), which protects data from attacks, whilst being monitored by a team of security experts who continually pull data from servers and scan it for threats and attacks.
Another means of protecting servers involves regular server maintenance which ensures servers are running on the latest instance and prevents cybercriminals from exploiting outdated or unpatched systems. Lastly, managed services back up servers hourly, so in the event of an incident, it can be restored without losing days or months worth of crucial data.
If you’d like to learn more about the cybersecurity risks in schools, the methods of scammers and how to protect against them, join us at our upcoming webinar: Threats to schools and how to mitigate them.
The webinar will be led by the BBC’s first dedicated cybersecurity journalist, Joe Tidy, who will explain the ever-evolving world of cyber scams in schools using real-world examples and provide some top tips on keeping your school secure. We’ll also be joined by iSAMS managing director Alastair Price, who will give an overview of the measures in place to protect iSAMS schools.
Register for free here.