
Why cyber security is critical for schools

Gary Henderson

Director of IT at Millfield School

Back in 2018, The Telegraph reported that cyber-attacks were one of the biggest threats to face schools. Since then, the use of digital systems has rapidly accelerated across the education sector - making data security a top priority.

One of the first things I would say is that school leaders need to accept the extent of the challenge. Cyber criminals are becoming increasingly sophisticated and a robust cyber security strategy must involve the whole school team.

User awareness

Since March 2020 and the start of the Covid-19 pandemic, staff and pupils have become increasingly reliant on digital solutions, and with the whole school team using the network in some form, it’s not just the IT team’s responsibility to prevent a cyber attack.

Cyber criminals know that people are increasingly time-poor, which increases the chance of them opening a malicious attachment or clicking a corrupt link. If this does happen, your focus shouldn’t be on blame; it needs to be on managing the incident and recovery.

By running regular education sessions you can reduce the chance of an incident of this nature occurring. Consider sharing examples of real phishing emails to add context and help make training sessions more effective.

Don’t let your user awareness training feel like a box-ticking exercise. It needs to be an ongoing process to ensure good practice is embedded across the whole school team.

Robust back-up processes

There’s been a clear increase in the number of ransomware attacks facing schools. These attacks involve cyber criminals encrypting files or servers and then asking schools to pay a fee to get their files back. Often, the criminals threaten to make the data publicly available - something that can have a disastrous impact on a school.

I would advise using cold or offline back-ups, as well as implementing some form of cloud-based solution to back up school data. Removable files are also a completely viable option as they are disconnected from the main network.

Whatever back-up method you choose, it’s important that your back-ups are regularly tested.

Managing user privileges

Users should only have the network permissions required to undertake their own role, and this should be regularly reviewed. If a user’s account is compromised but has only limited permissions, the whole school network won’t be compromised.

Network segmentation

Throughout the pandemic, both pupils and staff needed to access the network from remote locations. If you break the network into sections, there’s a better chance of you being able to reduce the impact of an attack should you fall victim to a breach.

Consider creating a visitor network that all users can access and a more secure network to house critical documents.

Device management

With an increasing range of diverse devices accessing the network, schools should implement a robust audit process to help manage these devices.

Cyber criminals are managing to develop new ways to deceive users into disclosing their details. Therefore, insisting on multi-factor authentication can help improve device management. It’s rare that a cyber criminal will be able to access the second device associated with the account, so it should reduce the chance of a takeover.

It’s important to ensure that senior staff are engaged with your cyber security strategy and are made aware of the steps being taken to prevent an attack. The risk assessment needs to be easy to understand and should clearly outline the action required in the event of an attack.

To find out more about understanding and improving cyber security in your school, you can watch Gary’s talk at Access All Areas here.  
