A successful cyber attack can have a serious impact on an educational establishment. As education establishments remain a target for attack, they should make cyber and information security the number one item on the risk register. Results from our 2022 Cyber Security in UK Schools report show that educational establishments continue to lack resilience against cyber and information security risks:
- 62% of schools had not received cyber security training
- 17% reported a cyber attack, 48% of which were ransomware
- Almost a third had no IT security policy
- 80% of schools had no air-gapped backup
- Small schools are more at risk
- 70% had no high-risk staff training in place
It is therefore essential that schools prioritise cyber security to protect all members of their community. To help with this, we have outlined some key messages and practices for schools.
How Can You Protect Your School from Cyber Attacks?
Fortunately for schools, cyber security doesn't have to be as complicated as it may sound. A lot of practices are basic and can effectively protect your school. Take a look at the points below. Consider them as a checklist of things to address when it comes to reviewing your cyber security.
- Train regularly and not just once a year
- Provide training around personal risks, not just organisational ones
- Keep training interesting and engaging
- Identify those who may have access to sensitive information and provide additional training – headteacher, DSL, admin staff, office manager, business manager, HR lead.
- Attacks happen all the time and can target anyone so always be ready!
- Encourage vigilance and praise staff when they report an issue, event or suspicious behaviour.
- Use technology to help – monitor logs, keep software updated, use endpoint protection, scan incoming emails - use what you have to maximum effect
- Record what you will do, when, how and by whom if an attack happens – it is easier to react if a plan is already in place.
- Record key contact details, login details to key systems and other information you might need if you couldn’t access anything in your organisation.
- Plan for a range of likely events that can affect your school’s data such as ransomware, internet outage or fire.
- Keep the plan in a safe, secure, yet accessible place – not on the premises
- Backup all the critical data you need to keep safe and secure.
- Test that the backups work
- Take a copy of the backup monthly onto a removable device and store it somewhere safe – this is a basic air-gapped solution. If you can, have multiple removable devices and rotate their usage.
Treat your cyber security as if it were a utility – you can’t function without your core data systems, so spend time, money and effort protecting them.
Schools are able to protect themselves without having to spend vast amounts of money and some of these practices do not cost anything.
If you need support in managing your cyber security practice, take a look at our security page below.