Cyber attacks are only something for big businesses to worry about. Hackers don’t target schools and colleges.
That’s a common misconception, but it couldn’t be further from the truth. A recent UK government survey found that primary schools are as likely to face an attempted attack as an average business. And secondary schools and further education colleges are significantly more likely to be targeted.
A quarter of all primary schools that were breached, and a third of secondary schools and colleges, experienced a material outcome from the attacks, such as a loss of control, data, or money. And even if there was no harm done, nearly half of primary and secondary schools and three-quarters of colleges said they were negatively impacted by attacks. This was typically in terms of requiring new measures following a breach, staff resources being diverted to deal with the breach, and wider staff being prevented from carrying out their work activities.
So, clearly, cybersecurity in the education sector is important. Victims of attacks will likely see an impact on productivity at best, or at worst suffer financial losses.
In this blog, we’ll look at why education is targeted, what the most common types of attacks are, and what can be done to guard against them.
1. Why target education
Each school or college needs to evaluate its own risk and understand what may make them the target of an attack, but there are three main reasons why education is targeted.
Data theft
All schools and colleges hold sensitive data including the names and addresses of staff and students. This can be used by cybercriminals, either by selling it to a third party or as a bargaining tool to extort money.
Financial gain
Many schools and colleges use online portals for students or parents to make payments. This could be tuition fees for private schools or ad-hoc payments at state schools. The more money there is passing through such a portal, the more likely it is to be targeted.
Espionage
Hackers may target this either in the hope of selling it on or holding the institution to ransom.
2. Types of attack
There are many methods hackers use to try to breach security systems, but these are the most common in education.
Phishing
These attacks typically come in the form of an email or message pretending to come from a trusted source. This tricks the user into revealing sensitive information or credentials which could then allow the hacker access to the network. Phishing was identified by the government survey as the most common type of attack across schools and colleges.
Impersonation / social engineering
Hackers may contact an establishment by email, text, or even a phone call pretending to be someone in authority at the institution. If staff are not sufficiently trained, they can be tricked into giving out passwords or other sensitive information that would allow the cybercriminals to log in remotely, bypassing any security systems.
Ransomware and malware
These are small files that run on a computer and then spread across the network. Typically, they are disguised as legitimate attachments to prompt users to open them, but some can spread without user interaction. They will often lie dormant for some time before being triggered into action, suddenly damaging or deleting data across an entire network whilst demanding a ransom to prevent further damage.
3. How to protect your school
The good news is there are many ways to protect your establishment against cybercriminals:
Cyber Essentials Assessment & Certification
Cyber Essentials is a Government-backed pathway that helps to protect schools against the most common cyberattacks, focusing on the specific needs of education.
Staff training
All staff should receive regular training on the risks of cybercrime and how they can prevent it by practising good password security and always following procedures when giving out sensitive information or receiving suspicious-looking communications.
Multi-factor authentication (MFA)
MFA requires users to provide additional identity verification when using a device for the first time. For instance, when logging in on a computer they will receive a text message with a unique code to gain access. So even if their password has been compromised, hackers would not be able to use it alone.
Device management
With so many devices being used in schools now, it’s difficult to keep track of them. And users who bring in their own devices could be compromising your network with their lack of individual security.
Mobile device management (MDM) solutions will track all your devices and can enforce security protocols on any user-owned devices that connect to your systems, ensuring the safety of your network.
Expert consultation
The best way to protect your educational establishment against cybercrime is to have your security systems designed by experts. It takes considerable time and money to train staff to the necessary levels of security expertise, so many organisations choose to outsource this to security consultants instead.
At Counterpoint, we’ve invested in the training and solutions necessary to deliver the highest levels of IT security in schools and colleges. From basic patch management and anti-virus software through to MFA, MDM, network security, and staff awareness training, we have all the experience you need. Fill out the form below and let us give you peace of mind that your network and data are safe.