Ransomware: the risks and how to avoid them

How would you manage if your school IT systems were taken down by a Ransomware attack?

At SWGfL, we have helped several schools recover after the impact of a Ransomware attack, by providing expert consultancy and support. Last year we highlighted the challenges posed by Ransomware attacks, and it continues to be a threat faced by many schools.

Usually, Ransomware gains access to systems by manipulating individuals into sharing their confidential or personal information before encrypting, or locking, their data. What follows is a ransom message demanding payment in exchange for unlocking the data. Often these attacks take the form of emails with an invoice, or a request for a quote that links to a site where the malware is downloaded. SWGfL produced this Ransomware whitepaper in October which can help you protect yourself against Ransomware attacks.

As our annual assessment of UK schools reported recently, 35% of UK schools have no data protection policy in place. We should all be more vigilant and cautious when it comes to our data, particularly given the UK is set to implement new, stricter EU General Data Protection Regulation (GDPR) in May 2018. These will bring a whole raft of changes centred around the control that individuals will have over the use of their data. For schools, this will translate into (among other things);

  • Greater transparency and clarity about what they do with children’s data

  • More emphasis on obtaining clearer and auditable consent before sharing data

  • A legal requirement to notify a system breach within 24 hours and

A requirement to appoint a dedicated data protection officer

Recently the manner in which WhatsApp manages the encryption of messages has been brought into question. It does pose an interesting question for the type of communication that may take place between teachers. For instance, in some schools, it may be plausible that the teacher and support staff or senior leader may have a conversation about a pupil’s specific requirements via WhatsApp. However if the service is not secure, there is a risk that those messages could be intercepted and shared, so it’s a factor to consider.

Many staff members in schools have access to large amounts of personal data, far more than in many other industries or jobs. Because this goes with the territory, it’s easy to become complacent, which in turn can lead to a more relaxed attitude to the security of that data. Unfortunately the most common cause of a data protection breach is a user, and in schools, they remain one of the least likely groups to have received training.

I recently heard about a teacher who shared a video taken inside her classroom on Twitter. The young people were enjoying the activity and sharing thoughts, but around the edge of the monitor in the background were post-it notes with login and password details! Not the best way to protect access to your data.

One of the most effective ways to secure your systems from attack, both personally and professionally, is still a good passphrase. Sadly most people tend to use a password, and the same one, in multiple places because they find them hard to remember, our recent blog offers some good advice on how to ensure your passwords and passphrases are secure.

For many schools a good source of advice is vital in understanding complex statutory obligations. In June 2016 we launched 360data, a new self-review tool which helps organisations test and improve their data protection policies and practices.

360data has been built on the award-winning 360safe self-review tool used by more than 10,000 schools in the UK. After completing the initial assessment the tool will suggest next steps for improvement, sources of good practice and even produce template documents for policies and usage.

In October we also announced an exclusive deal for Intercept X, which protects your data from all forms of ransomware. Intercept X can be installed alongside your existing protection and includes a powerful virus cleaner.

Soon, we hope to release the UK’s first Cyber Insurance product specifically designed for schools, which would provide cover in the event of a ransomware attack and enable the recovery of core systems and data.

So whilst the last year has been busy, now is the time schools should act to protect systems and data from attack.

Back to Magazine


Related Articles

Pimms on the lawn, G&T on the beach, or Netflix on the sofa?

Pimms on the lawn, G&T on the beach, or Netflix on the sofa?

As the summer holidays rapidly approach no doubt you will be looking forward to pimms parties and G&T's in the sun. But before you go, here's a handy summary of the hot topics we've been discussing over the past year....

11 July 2017
Schools Internet Service, Online Safety, Education Services, South West Grid
SWGfL partnership with AQDAR in UAE wins prestigious United Nations WSIS Award 2017

SWGfL partnership with AQDAR in UAE wins prestigious United Nations WSIS Award 2017

We are proud to announce our innovative work with AQDAR in the United Arab Emirates has won an International Telecommunication Union award at the World Summit for Information Society 2017 in Geneva

14 June 2017
Online Safety, South West Grid
WannaCry – the importance of data security

WannaCry – the importance of data security

Andrew Williams, Online Safety Consultant and resident data protection expert offers a guide on ransomware and how SWGfL’s 360 Data can help protect your organisation against malicious attacks.

17 May 2017
Online Safety
SWGfL unveils new and improved 360 degree safe

SWGfL unveils new and improved 360 degree safe

360 degree safe just got better. Our award winning online safety self-review tool has undergone a major upgrade making it more secure, reliable and user friendly.

12 May 2017
Online Safety
Bursting the Bubble: Why Online Safety Education needs to evolve

Bursting the Bubble: Why Online Safety Education needs to evolve

How do we know that the online safety education programmes we provide are making a difference? Ken Corish outlines the case for developing a set of standards for online safety to develop resilience in children and young people

2 March 2017
Education Services