The topic of cyber security is increasingly at the top of the agenda for schools, especially with the number of ransomware and other cyber attacks on the rise. According to research from McAfee, ransomware attacks – in which sensitive data is hacked and held hostage by cyber criminals in return for financial payments – have risen more than ten-fold in the last two and a half years.
This rise is in part due to hacking methods becoming more sophisticated with cyber criminals having evolved their techniques from the more traditional routes such as malware, worms or viruses, for which IT defences are designed for. Instead, hackers are looking to new tactics including the hiring of moles or internal spies – such as former or existing employees – to pinpoint weaknesses within the organisation and tap into data in return for a monetary sum or other incentive.
Small organisations a prime target
It has often been the case that it’s only global corporations that we hear are experiencing these attacks, with eBay and Domino’s Pizza just two brands to have had personal records held to ransom recently. While they certainly create headlines, it is largely smaller organisations including education institutes that are most at risk – due in part to a limited awareness as well as insufficient security measures. In fact, according to recent research over half of Universities admitted that they’d been hit by at least one ransomware attack this year, with Bournemouth University admitting a total of 21 attacks.
A recent survey from Kaspersky Lab, revealed that three quarters of organisations surveyed believed they were too small to be of interest to cyber criminals with just under 60% of respondents stating that they thought the data they held would simply not be of interest. And yet an attack can have devastating consequences, damaging reputation and causing stakeholders to undergo a serious crisis of confidence.
Prevention, not cure
A number of these attacks are successful due to outdated systems and processes. It’s easy for schools to slip in to a ‘fit and forget’ culture whereby security defences – including anti-virus software, software patches and firewalls – are installed but neglected soon after. This includes the need to make regular checks and ensure that software remains up-to-date. By sidestepping this, schools are finding themselves with a number of legacy processes that are simply not sufficient to protect against modern threats.
Ransomware programmes are becoming more readily available as an easily downloadable online kit, which means that the number of amateur cyber criminals are increasing as hackers become more confident in their technological capability. It’s likely that schools not carrying out regular tests on their protection measures may have already been compromised. As such, it is critical that organisations regularly check the three core pillars of defence; anti-virus software, software patches and firewall.
Claim your free* Cyber Security Assesment
Communicating the danger to employees
For schools which may not have a dedicated IT department, it’s important to educate staff about the possible ways the business can be subjected to an attack. It may be something as simple as clicking on an infected pop-up or visiting an infected site. Similarly, it’s important to be aware of any remote access that a business or individual including pupils, may have to your device, including any visitors to the building that may be using a USB port to download a report for example.
There’s little point in maintaining technology if staff are only going to disable it in order to gain access to a site that is being flagged as potentially dangerous. In promoting the danger of possible threats from the inside out, schools can create a ‘think twice’ mentality that goes some way in reducing their vulnerability.
It’s important to remember that holding confidential data to ransom is no longer just a concern for big businesses, as criminals are no longer afraid to invest heavily to get what they want. For smaller organisations, it may seem difficult to justify investment in security defences for an attack that hasn’t yet happened, but schools often do not know that they’ve already encountered a software attack. To prevent against this, it’s crucial that schools invest in security technology that is regularly checked and kept up to date. In doing so, we can create a culture that is prevention, not cure.
Is your information secured against cyber attacks?
Take our free* Cyber Security Assessment with a qualified ACE practitioner, who will work with you to identify and analyse security issues, and give you guidance on any improvements that are needed to make your network more secure. Register here or call 0121 248 7931.
This assessment also forms part of the Government Cyber Essentials Scheme, a government backed, industry supported scheme to help organisations protect themselves against common cyber threats.
*Terms and conditions apply. Qualification phone call required. You will receive a maximum of 4 hours’ consultancy from a qualified ACE practitioner.
You might be interested in reading; more than 2100 search enquires about 'school hacking' in the UK each month" Read it here