A Cyber Security in UK schools report showed that 17% of schools have reported a cyber attack, and the most common of these attacks (at 48%) was ransomware.

This ,report carried out by SWGfL, in partnership with the University of Kent and supported by Bitdefender, showed that schools need to develop a strategy to protect against the effects of a ransomware attack. Key to this is regular Security Awareness Training, regular backup/recovery processes and a Cyber Incident Plan when faced with an attacker.

What is Ransomware?

Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or by tricking somebody into installing malware via a phishing email.

Cyber Security in Schools

The report showed that schools aren’t aware of the risks, A further ​​31% of respondents said that they do not have an IT security policy in place, so they were unaware of the risks that might affect their data and assets.

You must keep your school secure by implementing cyber security, password, social media and working from home policies but also give staff regular security awareness training.

Whilst basic knowledge of cyber security should be expected from all your staff, it’s important to implement cyber security training as a business. You should increase the level of training with specific guidance on the types of attacks schools are more likely to face.

We know that ,Schools, Colleges and Universities need to stay protected against ransomware - cyber attackers often strike during busy exam weeks and when students are given exam results. This is to cause maximum disruption to your systems to encryption large volumes of data and make you more likely to pay the ransom demand to get this data back at such an important time of the year.

How does a Ransomware attack disrupt schools?

In June of 2021, the ,Evening Standard reported that two schools in Kent were forced to send pupils home and shift to remote teaching. This is after hackers broke into servers and encrypted sensitive information on pupils. The academy was forced to send out communications urging parents to contact their banks to let them know that personal details could have been stolen.

⚠️ Just four in ten primary schools have given staff Security Awareness Training in the last 12 months. ⚠️

You must be implementing ,cyber security training when onboarding new staff and then follow this training up throughout the school year.

How can the Cyber Resilience Centre help schools?

Headteachers, Directors, Staff and IT leaders working in schools and academies can sign up for our ,free membership and download our ,Cyber Incident Plan to start their journey to stay protected against the most common cyber threats such as phishing and ransomware attacks. Larger academies can also open discussions with us to invest in your staff and take advantage of our affordable cyber security services.

This includes security awareness training, ,vulnerability assessments and ,simulated phishing attacks. Investing in our services and guidance can inform your cyber security strategy and save you money in the long term.