The Increasing Importance of Cyber Security in Schools

Cyber-attacks on the rise in schools

What motivates someone to commit a cyber attack against a school? No matter how renowned or humble, each organization in the Education sector is at risk of their cybersecurity vulnerabilities being exploited. Hackers can target organizations to steal sensitive data, such as names addresses and medical records. In the context of schools, they can also attempt to hold networks for ransom, to spy on rival education institutes and even to deny service of pupils and staff to their online resources. 

As stated by the National Cyber Security Centre (NCSC), since May 2021 ransomware attacks against schools, colleges and universities in the UK are once again on the rise. This warning against a new wave of criminality is the latest development provided by the NCSC which had already issued an alert for the increased threat being posed to organizations in the Education sector in August 2020.

Furthermore, in light of the changes to education as a whole post pandemic, more and more students and teachers are storing and relying on data online. This can range from homework now being exclusively accessible online on Google Classroom, to sensitive data about staff and pupils being stored online to allow for remote access from people working from home.

Subsequently, despite all the other issues faced by the Education Sector in the current climate, the need for good cybersecurity in schools is becoming increasingly apparent amidst a multitude of attacks and incidents over the past year.

Types of cyber-attacks

Attack types may vary depending on the organization being targeted. For example, a university might be targeted due to its high profile and as part of a ransomware attack as hackers seek to gain financially from the cyber-attack. On the other hand, smaller schools or establishments which are not known for their status and potential wealth can still be targeted for different reasons and equally face destructive consequences if vulnerabilities are not monitored. Here are a few examples of cyber-attack techniques:

• Phishing

Phishing constructs are usually based around a link click, or a bogus landing page which prompts a user to submit their data or credentials. Phishing attacks are most often launched via email or text, with victims thinking the link or credential prompt is authentic.

• Malware + Ransomware

Much like phishing, malware often involves a device being infected following an interaction with a link or download on the school’s network. Once the malware is downloaded onto a device malicious third parties can remotely access files or edit commands. 

This can not only lead to mass data breaches, denials of service but also to ransoms, in which the hacker will hold a network hostage unless a ransom is paid.

• DDos – Denial of Service

Perhaps the most common cyber threat to all organizations operating online is a denial-of-service attack. During this attack, a system is overloaded by requests causing it to crash. 

Impact of a cyber-attack on schools

Any cyber attack can have a profound and destructive impact on an organization, but the weight of responsibility to secure data and uphold the duty of care towards pupils and children is enormous. Not only can attacks derail students from their studies, putting their futures at risk, but sensitive data pertaining to students being leaked can hold demining ramifications.

For instance, in 2018, a school in Blackpool had their direct CCTV feed leaking onto an American website. Commenting on the incident, as cited by InfoSecurity magazine, McAfee chief scientist Raj Samani stated:

“We can educate children about how to protect themselves online and when using their devices, but businesses manufacturing devices must do their bit too and that is ensuring security is built-in from the get-go. There really are no excuses anymore”

How to stay safe

The best measures to take when considering a cyber attack are preventative measures as opposed to measures to try and act after an attack has already taken place and potential assets seized. Here are a few examples of steps that can be taken to protect a school, college or university:

• Back Up Data

Any organization which holds sensitive information online should back this up regularly. In doing so, this helps to mitigate the potential threat of a ransomware attack in which the hacker is holding data hostage – if it can be backed up there is no need to pay ransom.

• Routine scans and up to date Antivirus

Whilst it may seem obvious to some, many networks or systems do not employ the latest up to date Antivirus and Antimalware software. The older software is, the higher the chance the hackers have had a chance to study it and tailor their cyber attacks to poach on new vulnerabilities. 

• Effective training

Weak passwords, accessing sensitive data from unsecured networks or unauthorized devices to falling prey to phishing scams out of sheer naivete, employees are at the heart of an organization’s cyber security.

All employees should be thoroughly trained as to how to work safely online, and policies put into place to ensure that rules are followed when surfing the web or simply accessing work emails. This mitigates an array of vulnerabilities that can be caused by human error.

Securiwiser can help your business stay safe in the cyber world via its daily monitoring of cyber threats, including those raised in this article. Start your free trial today by clicking here.