Which type of organisation do you think suffered the most cyberattacks globally in 2023?
Banks maybe?
Or large multinationals?
You may be surprised to discover that it was educational institutions.
According to Malwarebytes, the education sector around the world witnessed a 70% surge in cyberattacks in 2023 compared with the previous year.
So why are schools and MATs becoming such a target for cybercrime?
Schools are attractive targets due to the large amounts of financial and personal data they hold. Consider all the banking, payment and transaction details in your accounting system, and sensitive information about students, parents, and staff in your MIS.
All this data could be a goldmine for a cyber criminal – it’s more important than ever that school leaders feel prepared and supported with simple guidelines for working with third-party suppliers who are tasked with handling protected data.
What are the cyber threats facing your school?
There are many approaches criminals use to infiltrate and cause damage to a school’s systems, and their techniques are evolving all the time. Here are some of the most widespread threats to be aware of, and the impact they can have.
Systems held hostage
Ransomware is a type of malicious software which encrypts a school’s critical data so that staff cannot access files, databases, or applications and everyone is locked out of the system.
The attackers then demand a ransom to provide access to the data – and in some cases, the ransom amount can approach £1 million or more.
The financial impact can be devastating, whether or not a school or MAT decides to pay the ransom. There could be additional costs if you need external support to recover data on an emergency basis, or if a parent or staff member takes legal action.
Confidential data made public
Double extortion ransomware is when attackers not only block your data, but also threaten you with publication of that data on the dark web, making confidential details of families and staff available to cyber criminals for other illegal purposes.
The reputational damage from this kind of attack can be immense. The school community could lose trust in the school to look after their data. Personal safety could be at stake too, as publication of student data could constitute a safeguarding risk.
Tricked into sharing information
Cyber attackers are skilled at using scam emails, text messages or phone calls to mislead their victims, and phishing approaches like these are becoming more sophisticated all the time.
A common line of attack is to make you visit a malicious website which asks you to provide your username and password so they can control your accounts, unleash a virus onto your computer, steal bank details or access personal information.
Once the attacker has the information they need, they can steal large amounts of money from school or individual accounts, or trigger larger attack campaigns such as ransomware.
Systems hacked and compromised
Hackers are constantly finding devious new ways to access your school’s system, and cyber attackers are increasingly using bots to do their dirty work using password guessing attacks, phishing, stolen credentials or exploiting vulnerable software.
Once the hackers have gained entry, they cause widespread disruption which can lead to the complete compromise of a system.
Following an attack, students and staff may be unable to access the technology they use every day for teaching and learning, and in some cases, schools have to close their doors following a security breach.
Over 50% of cyber attack victims either pay the ransom or end up losing their data entirely. You can read more about this in our 2024 cyber security whitepaper.
How to defend your school against cyberattack
To be properly prepared, schools need a person or organisation who is responsible for cyber security. This could be an expert on your internal IT team, your school or MAT’s IT managed service provider or a cyber security provider.
Whoever has responsibility for cyber security at your school or MAT needs to take these key steps to keep your school safe.
1. Get everyone on board with cyber security
It only takes one person to open the door to a cyberattack, so everyone in your school should be up to speed when it comes to security.
MAT CEOs, heads, senior leaders, and governors must be prepared to provide support and commitment to the school’s cyber security initiatives, while teachers and support staff should be clear about their roles and responsibilities.
To make sure everyone understands the security risks of opening an email from an unknown source, or clicking on a link, arrange some whole-school training from a respected training provider.
2. Ensure people log in safely to your systems
If hackers have the right information, they can sneak into your school’s system. The problem is, there are often many different people logging into the school’s IT system, VPN connections or remote desktops, so it is difficult to keep access secure.
Make sure you know who your users are and set up good password practices, with permissions granted according to their roles.
Multi-factor authentication (MFA) is an excellent safeguard which requires users to enter additional information along with their password, such as a code or a secret question sent to their email.
3. Check everyone’s devices and laptops are secure
A lot of viruses and malware come into a school’s system via devices which are not properly protected. However, it’s important to allow teachers and students to work remotely, using their tablets or laptops.
All the devices people use to access the school’s system to work or study remotely must be protected by commercial-grade antivirus software. Your IT support should make regular checks that the software is properly configured, updated, and monitored.
4. Be prepared should the worst happen
If your school falls victim to a cyberattack, you need a documented plan of action to mitigate the impact.
Backups can save the day, but hackers often seek out backups and destroy them to make recovery more difficult. To avoid this happening, make sure your provider offers an immutable backup for your data – this means the backed-up data cannot be changed in any way, and is kept off-site in another location or the cloud.
It’s also important to have insurance to cover you in the event of a cyber or ransomware attack.
With data being so critical to everything a school does, from teaching and assessment to finance and HR, a breach could have far-reaching consequences. But with an effective cyber security strategy, schools and MATs can launch a powerful defence against cybercrime.
To find out more, download our guide: How to build a successful cyber security strategy for your school or MAT here.