In recent years, cyber-attacks against schools have become a growing concern in the Eastern region. The reasons for this are fairly simple:

• Schools possess large quantities of high value and sensitive data that they may have to pay for to get back.
• Schools networks and processes offer a lot of vulnerabilities through either underinvestment or weaknesses in their underlying processes. In many cases these vulnerabilities are caused by the necessity of having so many people and devices to attach to the network

According to the Cyber Breaches 2022 Survey Education Annex, educational institutions are facing a constant barrage of cybercrime, and phishing remains the top detected cyber-attack. But what exactly is phishing, and why is it such a prevalent threat?

Phishing is a type of cybercrime where an attacker sends a fraudulent message, often via email, that appears to come from a trustworthy source. The goal is to trick the recipient into revealing sensitive information such as login credentials, financial information, or personal data.

The reason why phishing is so successful is that it doesn't require any technical expertise. Anyone can send an email, and skilled manipulators can easily trick busy individuals who are rushing through their emails without considering the bigger picture.

In fact, an average of 90.25% of educational institutions have detected a phishing attack. This means that it's crucial for institutions to do everything they can to prevent these attacks from causing significant damage.

As one respondent stated, "The biggest challenge is getting people to understand that even with multi-layered defences, a single person can still bring down the whole system."

Unfortunately, not enough schools are training their staff to be aware of the risks and how to deal with them. And it's not just emails that phishing attacks can come through; attackers can also use text messages (smishing), voice calls (vishing), and even QR codes (quishing) to trick unsuspecting victims.

To combat this threat, it's essential that educational institutions prioritize phishing awareness training for their staff. By educating employees about the risks and providing them with the tools and knowledge to identify and report suspicious messages, schools can greatly reduce the risk of falling victim to a phishing attack.

Security Awareness Training

Here at the ECRC, we offer a number of affordable Cyber Security and Resilience Services that are designed to assist businesses and their staff to have the right strategies to respond to cyber incidents efficiently and migrate any potential damage a cyber-attack may create.

Through Cyber PATH, local university students are trained and mentored by senior ethical hackers, to deliver all our services and to work with staff to build their cyber awareness, understand the latest cyber threats and secure the business’s online environment.

Your people can be your biggest asset and with our Security Awareness Training (SAT) they can become highly effective barriers to cybercrime.

Our Awareness Training focuses on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules, using real-world examples. We tailor our Security Awareness Training to each individual audience to provide the right level of skills and context for your business. We can deliver training to any sized group, in-person, remote or a hybrid of the two.

The trainers are highly knowledgeable, personable, and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions. Below are testimonials from businesses who have already had our Awareness Training:

Testimonial 1

“The Cyber Path Student was a confident and knowledgeable presenter who put all attendees at ease and lead a thoroughly enjoyable and hugely useful and informative session. Time well spent!”

Testimonial 2

“Whole session was good-humoured, appropriately targeted (relevant), interactive - and had well-timed (and much appreciated!) breaks!”

Testimonial 3

“The student was a natural presenter, the session was fun and engaging with the right level of detail for the audience. She quickly built a rapport with the audience, delivered the content well and got the whole room discussing Cybersecurity early on. It was a great way to delivery cost effective Cyber Awareness training, build the knowledge within the staff and help them be more aware and more secure online. I’d definitely use CRC again to deliver additional Cyber Awareness training to my clients.”

The benefits of Security Awareness Training

For just a few hundred pounds, you can help to protect your school against a cyber-attack that ultimately could cost you thousands.

Our Security Awareness Training covers a wide range of cyber security topics, including social engineering, ransomware, and phishing attacks. The training provides simple and effective knowledge for people to understand their environment and provides the confidence to challenge when something doesn’t look right.

With educational sector becoming a big target for cyber criminals, it is vital that your staff are aware of the potential risks and steps to protect themselves.

What’s next?

Here at the centre, we would advise you to do three things now:

• Join our free core membership. Start implementing some simple changes now and start protecting your organisation, staff, customers, and supply chain.
• Contact us to arrange a meeting to discuss providing Security Awareness Training for your company.

Here at the ECRC, we are already working closely with hundreds of organisations across the seven counties to help them tackle the continually changing cyber threats that they face. So come and join our community as free members and let us help you protect your organisation from the ever presents threats out there in the cyber-verse.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at: report@phising.gov.uk

Text messages can be forwarded to 7726