Ransomware: the risks and how to avoid them

How would you manage if your school IT systems were taken down by a Ransomware attack?

At SWGfL, we have helped several schools recover after the impact of a Ransomware attack, by providing expert consultancy and support. Last year we highlighted the challenges posed by Ransomware attacks, and it continues to be a threat faced by many schools.

Usually, Ransomware gains access to systems by manipulating individuals into sharing their confidential or personal information before encrypting, or locking, their data. What follows is a ransom message demanding payment in exchange for unlocking the data. Often these attacks take the form of emails with an invoice, or a request for a quote that links to a site where the malware is downloaded. SWGfL produced this Ransomware whitepaper in October which can help you protect yourself against Ransomware attacks.

As our annual assessment of UK schools reported recently, 35% of UK schools have no data protection policy in place. We should all be more vigilant and cautious when it comes to our data, particularly given the UK is set to implement new, stricter EU General Data Protection Regulation (GDPR) in May 2018. These will bring a whole raft of changes centred around the control that individuals will have over the use of their data. For schools, this will translate into (among other things);

  • Greater transparency and clarity about what they do with children’s data

  • More emphasis on obtaining clearer and auditable consent before sharing data

  • A legal requirement to notify a system breach within 24 hours and

A requirement to appoint a dedicated data protection officer

Recently the manner in which WhatsApp manages the encryption of messages has been brought into question. It does pose an interesting question for the type of communication that may take place between teachers. For instance, in some schools, it may be plausible that the teacher and support staff or senior leader may have a conversation about a pupil’s specific requirements via WhatsApp. However if the service is not secure, there is a risk that those messages could be intercepted and shared, so it’s a factor to consider.

Many staff members in schools have access to large amounts of personal data, far more than in many other industries or jobs. Because this goes with the territory, it’s easy to become complacent, which in turn can lead to a more relaxed attitude to the security of that data. Unfortunately the most common cause of a data protection breach is a user, and in schools, they remain one of the least likely groups to have received training.

I recently heard about a teacher who shared a video taken inside her classroom on Twitter. The young people were enjoying the activity and sharing thoughts, but around the edge of the monitor in the background were post-it notes with login and password details! Not the best way to protect access to your data.

One of the most effective ways to secure your systems from attack, both personally and professionally, is still a good passphrase. Sadly most people tend to use a password, and the same one, in multiple places because they find them hard to remember, our recent blog offers some good advice on how to ensure your passwords and passphrases are secure.

For many schools a good source of advice is vital in understanding complex statutory obligations. In June 2016 we launched 360data, a new self-review tool which helps organisations test and improve their data protection policies and practices.

360data has been built on the award-winning 360safe self-review tool used by more than 10,000 schools in the UK. After completing the initial assessment the tool will suggest next steps for improvement, sources of good practice and even produce template documents for policies and usage.

In October we also announced an exclusive deal for Intercept X, which protects your data from all forms of ransomware. Intercept X can be installed alongside your existing protection and includes a powerful virus cleaner.

Soon, we hope to release the UK’s first Cyber Insurance product specifically designed for schools, which would provide cover in the event of a ransomware attack and enable the recovery of core systems and data.

So whilst the last year has been busy, now is the time schools should act to protect systems and data from attack.

Back to Magazine


Related Articles

Bursting the Bubble: Why Online Safety Education needs to evolve

Bursting the Bubble: Why Online Safety Education needs to evolve

How do we know that the online safety education programmes we provide are making a difference? Ken Corish outlines the case for developing a set of standards for online safety to develop resilience in children and young people

2 March 2017
Education Services
Over 1 in 3 schools aren’t compliant with basic data protection obligations

Over 1 in 3 schools aren’t compliant with basic data protection obligations

Over recent years, the annual assessment report has disclosed a lack of knowledge amongst teachers and this definitely remains the case over the last 12 months with almost half of schools (49%) have no staff training to date around online safety.

26 January 2017
Online Safety, South West Grid
SSL Connect brings safe and secure remote connections

SSL Connect brings safe and secure remote connections

SSL Connect is a web based tool, which allows your users with Managed Devices to remotely access your school network.

17 January 2017
Online Safety
SWGfL Roundup of 2016

SWGfL Roundup of 2016

2016 has been a whirlwind of headlines including data protection, appropriate filtering and monitoring, sexting, social media, ransomware and the computing curriculum. Read our 2016 roundup and discover all the great content you may have missed

7 December 2016
Schools Internet Service, Online Safety, Education Services
NEW ground-breaking ransomware protection now available!

NEW ground-breaking ransomware protection now available!

Ransomware is the number one malware attack affecting organisations today. It encrypts your files and holds them hostage until the ransom is paid. Find out how you can fend off attacks with our new anti-ransomware solution and download the Ransomware White Paper…

3 October 2016
Online Safety