As schools start to wind down for the summer holidays, this is a good time to really consider just how vulnerable they are when it comes to cybercrime and what measures they should be taking to improve their cyber resilience.

Earlier this year, the government issued the Cyber Security Breaches Survey 2024 which contained the following findings collated from samples of UK educational institutions:

·       52% of primary schools identified an attack in the past year (which sits relatively close to the number of businesses which also reported a breach).

·       71% of secondary schools identified a breach or attack in the past year.

WCRC Director, Paul Peters, recently delivered a presentation at a school bursars’ event and spoke to businesses that manage the network for a number of schools in order to get an insight into the issues.

The problems identified to him included suffering from underfunding, a lack of patching / updating, unsupported machines and an absence of robust policies.

To understand more about these vulnerabilities, Simon Roberts, Director of Technical Solutions and Sales from Morgan and Morgan Business & Technology, a multi-award-winning managed security solutions company (MSSP) and a WCRC Cyber Essentials partner, talked us through what these issues are and the steps that schools should be taking to improve their cyber security.

• Why are schools such an attractive target for cybercriminals?

Sensitive Data: Schools store a wealth of sensitive information, including personal details of students, parents, and staff, as well as financial information and academic records. This data is valuable on the black market.

Limited Resources: Many schools have limited budgets and resources for cyber security, making them easier targets compared to well-funded organisations.

Varied User Base: Schools have a diverse and large user base, including students, teachers, administrative staff, and sometimes even parents, which increases the number of potential entry points for attackers.

Lack of Awareness: Students and staff might lack awareness or training on cyber security practices, making it easier for cybercriminals to exploit human error.

• What are the most common cyber-attacks currently used by hackers to infiltrate a school’s network?

Phishing Attacks: Emails or messages that trick users into revealing sensitive information or installing malware.

Ransomware: Malware that encrypts the school's data and demands a ransom for its release.

Distributed Denial of Service (DDoS) Attacks: Overloading the school's network with traffic, making it unavailable for legitimate users.

Data Breaches: Unauthorised access to sensitive data, often involving hacking into databases or networks.

Malware: Various forms of malicious software, including viruses, trojans, and spyware, that can disrupt operations or steal information.

• What damage can a cyber-attack on a school cause?

Data Theft: Loss of sensitive student, staff, and financial data, which can lead to identity theft and other crimes.

Financial Loss: Costs associated with responding to the attack, including paying ransoms, legal fees, and investing in improved security measures.

Operational Disruption: Interruptions to the educational process, such as systems being down or unusable, leading to lost instructional time.

Reputational Damage: Loss of trust from students, parents, and staff, which can affect the school's reputation and enrolment numbers.

Legal Consequences: Potential legal liabilities and regulatory fines for failing to protect sensitive information adequately.

• In your experience, what are the biggest vulnerabilities for a school?

Outdated Software: Using outdated systems and software that no longer receive security updates.

Weak Passwords: Lack of strong password policies and use of easily guessable passwords.

Insufficient Training: Lack of cyber security training for staff and students, leading to poor practices and easy targets for phishing.

Inadequate Network Security: Weak network security configurations, including insufficient firewalls and intrusion detection systems.

Bring Your Own Device (BYOD) Policies: Allowing personal devices on the school network without proper security measures in place.

• What are five key basic cyber resilient tips that you advise all schools to put in place to help protect against a cyber-attack?

Education and Training: Conduct regular cyber security training and awareness programmes for staff and students to recognise and avoid cyber threats.

Strong Password Policies: Enforce strong password policies, including the use of complex passwords and regular password changes.

Regular Software Updates: Keep all software and systems updated with the latest security patches to protect against vulnerabilities.

Implement Multi-Factor Authentication (MFA): Use MFA for accessing sensitive systems and data to add an extra layer of security.

Data Backups: Regularly back up critical data and ensure backups are stored securely and tested periodically for recovery.

The Police CyberAlarm tool is free and completely available to all who wish to understand and monitor malicious cyber activity. It will detect and provide regular reports of suspected activity, enabling organisations to minimise their vulnerabilities. 

For more information on the WCRC and the services it provides, you can contact a member of its team.

​