Education are the second largest sector when it comes to incidents reported to the ICO (14% of reports).
The reasons for the education sector being a target are fairly simple
A number of education ransomware alerts have been published by the National Cyber Security Centre throughout 2020 and 2021, and more are expected over the coming year. 1000s of schools have been attacked over the past few years and many have resulted in long term problems for the organisations affected, including the staff, students, and parents.
Whilst the rise in attacks was blamed partly on the pandemic and a rise in remote learning, the risk to schools will persist until they are provided with the tools to fight back. And these attacks are happening right now in our region. In the summer of 2021, a ransomware attack against schools in Kent actually caused several of them to close for several days whilst the data breach was resolved. And within the last two months, one school in Essex experienced a significant cyber-attack, and data from its network was published on the dark web!
A school or college becoming aware that they have been attacked will often start with a member of staff asking, ‘Why can’t I open my files?’ But remember that most cyber-attacks are conducted by stealth, and they will not always want to be found. So, the first consideration is ‘Do we have a process to proactively look for cyber-attacks even when everything is operating normally?’ As a member of the ECRC you will receive free updates about vulnerabilities that have been flagged by other organisations specifically to help the wider community. Including you.
Unfortunately, the first time that an organisation discovers they need an Incident Response Plan often coincides with the realisation that they don’t actually have one. The plan itself is simply a document containing the details of key personnel who you can contact if you are worried that you have been victim of a cyber-attack. It also contains key information to help you move through the various stages of containment and then recovery. Having a good response plan means that you are more likely to come through the experience more quickly and efficiently and with less of your systems exposed to the hack. And the responsibility for establishing and maintaining a plan is down to the business owner and not the managed service provider you use for your IT.
If you find that you have been breached, you may never find out exactly how – what is important is that at that point the criminals still have access to your network. The wrong decisions now could have a devastating effect on your business, and you could face additional, financial, and reputational loss if you don’t make the right decisions next.
As can be seen in the below diagram you will start in the triage stage of the breach, trying to figure out what the scale of the breach is and the impact now and in the future.
Increasingly cyber experts are accepting that blocking all cyber-attacks is not an achievable outcome and that it makes sense to be prepared for when the attack occurs. Being well prepared for an attack is a key step in making yourself resilient in the online world.
To save you the time of having to start one from scratch – go to our tools section and download an incident plan for free. All you have to do is read it and fill in the key bits of information and you have a document that you can rely on if the worst actually happens.
If you have a plan already, why not consider having one of our students through Cyber PATH carry out a Business Continuity Review to ensure you have considered everything important.
Once you’ve got an incident response plan prepared the next stage to establish your readiness is to try it out in a safe environment.
The National Cyber Security Centre’s Exercise in a Box is an excellent starting point. This exercise will help you to check out how well you and your business can respond to a cyber-attack. Your local Protect officer can run a guided Exercise in the Box with you if you have never looked at running one before.
In fact the latest guidance from the Department of Education explicitly states
"Your business continuity and disater recovery plan should include a regularly tested contingency plan in response to a cyber attack"
Here at the centre, we would advise you to do three things now
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Click to Open Code Editor