With the recent increase in cyber attacks within the education sector, here are some top tips to avoid this happening to your school, college or university.
Published 27 May 2021
Last updated 27 May 2021
Since late February 2021, the National Cyber Security Centre (NCSC) has identified an increase in cyber attacks within the education sector.
These attacks are predominantly ransomware attacks. This is where cyber criminals use a malicious software to block access to computer systems, and threaten to release the organisation’s sensitive data unless the ransom is paid.
Due to the nature and amount of sensitive information that schools, colleges and universities hold, these attacks can have a devastating impact.
How can my organisation be attacked?
Ransomware attackers can gain access to your computer systems in many ways:
Distributed Denial of Service (DDoS)
This is an attack designed to cause widespread damage and disruption to the network, causing a massive impact on productivity. Attacks against online educational resources are over 3 times more prevalent in 2020 than they were last year, due to the lack of security protection when working from home.
Spear phishing
This is an attack through email or electronic communications, in an attempt to scam the individual and to lead them into a bogus website full of Malware, giving the hacker access to a wealth of information.
Other areas of access include:
- phishing
- vulnerable software or hardware
- remote access
- remote desktop protocol
- virtual private network (VPN) vulnerabilities
Why is it important to protect your data?
Data is valuable. In the education system it is important that the safety of students, and all of the information that you store is not compromised. In the unfortunate event of an attack, data can be used in many ways:
Financial gain
Data can be used as a bargaining tool to extort money. As universities and colleges are handling large amounts of money in student fees, they are a prime target for cyber criminals.
Fraud
Data is extremely valuable and can be used to steal someone’s identity or to gain access to their online accounts for malicious purposes.
Espionage
Universities are usually centres for research and hold intellectual property. This can be used for personal, economic, political or military advantage. This also poses a large threat to a large volume of personal data and the misuse of information.
How can these attacks be prevented?
Useful guidance
Familiarise yourself with the NCSC alert for the UK education sector. The NCSC are the UK’s National Technical Authority for cyber incidents and have a wide range of guidance on their webpage.
Cyber training
Managing risk isn’t just about having the right technology – people are an important part of risk management too. Raising awareness of cyber security within your organisation can play a vital role in countering cyber threats. Cyber awareness training will ensure that your staff understand the potential threats, the impact they have on the organisation, and the steps they need to take to prevent these threats infiltrating their workspace.
Back-ups
In the event of a cyber incident, having access to recent, tested offline backups will ensure that your organisation is able to recover quickly and to restore data.
Penetration testing
This can be used to audit and test your IT systems, identifying potential vulnerabilities and recommending effective security countermeasures.
To mitigate malware and ransomware attacks please seek NCSC guidance.
Please report any incidents to the NCSC and seek expert advice.
How can CCS help?
We have a dedicated cyber security team that can help you protect against the increasing complexity of cyber attacks. The Cyber Security Services 3 dynamic purchasing system (DPS) is the only route to market for NCSC-assured services and covers a wide range of cyber services.
To learn more, visit our Cyber Security Services page or contact the team.
Don’t forget, you can find a full list of all the commercial agreements we offer, alongside details of how we can help you build policy considerations into your procurement, in our interactive digital brochure.