Cyber Crime in Schools - A Clear and Present Danger
Posted on 27th February 2019 at 13:42
Today’s news pages are filled with stories relating to cyber security. Many of these reports relate to the risks to industry, big business, government organisations and individuals (for example, phishing scams).
But little is mentioned of the cyber-vulnerability of schools and the impact that such attacks might have on both the schools and the individual young people. Part of our work providing IT solutions for education involves keeping their systems and networks secure.
We spoke to Jack Woodcraft, Senior Network and Security Engineer, here at Talking Business.
TB: Can you start by highlighting for us the scale of the dangers faced by schools from cyber attacks?
JW: Sure. You might be surprised by the stats. The specialist insurer Ecclesiastical recently conducted research into this field and discovered that 1 in 5 schools and colleges have fallen victim to cyber crime. The strange thing is - the vast majority think they’re adequately protected. I guess some institutions are either ignorant of the security measures they should be taking or there’s an element of pride - they just don’t want to admit their shortcomings.
TB: That sounds pretty alarming!
JW: Well, it is when you consider the sensitivity of the data held by schools and colleges - personal information about children, parents, staff, governors, job applicants. Any of this data could be compromised - simply because systems are inadequate or staff are poorly trained. Don’t forget too, the collateral damage that can be caused by a successful cyber attack. Apart from the obvious risks to children and staff, if a school undergoes a security breach, the data it holds could be lost beyond recovery. Its systems could be down for days or even weeks while network forensics and recovery take place. Its reputation will suffer. Since the introduction of GDPR for schools, there could also be fines. Imagine the impact of those on a school’s already over-stretched budget.
TB: So - tell us more about the nature of these attacks. Let’s drill down to exactly where the specific dangers lie.
JW: Phishing attacks are a big problem, representing over 50% of cyber attacks on schools and colleges. Typically, a senior member of the admin staff receives an email with a request to process a “Faster Payment” to a new beneficiary, with ‘Payee details attached’. The sender’s email address might appear very similar to the school’s website domain with a slightly different version of the username - such as firstname.lastname@example.org would appear as email@example.com. The email asks the member of staff to make a payment to the ‘Payee details attached’. Even something as simple as opening a malicious PDF attachment could be all that’s required for a successful breach to take place.
TB: But isn’t that just too obvious?
JW: Well you’d think so, but there’s so much pressure on staff these days, or the staff member might be new and untrained. It’s amazing how many of these scams are successful. The other common threat is malware from personal devices. For example, staff or students might bring into the school any number of compromised devices and use them across the school's network, putting entire systems at risk of numerous malware infections.
TB: Talk us through some of the ways in which Talking Business can help schools and colleges to protect against these and other threats.
JW: OK. Well, before we do anything we carry out what’s called ‘Penetration Testing’. This is where we carry out tests on the client’s systems and networks and attempt to challenge their security. We identify where the vulnerabilities lie and see if we can squeeze past the defences and gain unauthorised access.
TB: What happens when you detect vulnerability?
JW: One of the first things we do is to check end point security. As mentioned, most attacks are successful due to the action of opening or ‘activating’ the malware that’s got through the firewall/spam filter. The next step would be making sure the internet-facing firewall is up to date, and blocking correctly. Next generation firewalls can actually look deep into the traffic that comes through the firewall and can block malicious traffic at the perimeter, therefore lowering the potential of an endpoint receiving the traffic at all. We’ll also make sure no legacy protocols or services that are vulnerable to attack are being used.
TB: Does your role end there?
JW: Far from it. If anything, that’s just the start. So much of our work revolves around training. You can have the latest security software the market has to offer. But, leave your staff untrained and you might as well not bother. Do the staff understand the risks of cyber crime? Is there a clear school policy? Do they know what steps they should be taking to protect their systems and the young people in their care? Do they know, for example, how to protect children’s images? Do all staff understand password principles and the importance of changing them regularly?
TB: Thank you Jack …
… so there you have the views of a Talking Business specialist. We’re the go-to experts in cyber security for schools and colleges. It’s our mission to keep educational institutions and the people who work and study there safe from cyber attack. Find out more.