As the new academic year commences, schools and colleges have been cautioned to brace for potential cyber attacks.

The National Cyber Security Centre emphasised the importance of implementing"appropriate security measures" to minimise disruption and protect against threats as the start of a new term could amplify the impact of any cyberattack and make them more likely.

This time of change could present opportunities for cybercriminals as creating accounts for new students and staff, along with the lack of management and policies concerning portable devices (like mobile phones, tablets and laptops), might introduce vulnerabilities.

Summer is when people often use their portable devices for leisure activities like gaming. If teachers and students took devices home or brought their own, these could have picked up infections or malware that might now pose a risk to the school's systems.

Last year, a high school experienced a hack that took all its computer systems offline,leaving technicians very little time to restore services before the new term. In September of 2022, just weeks into the new term, a cyberattack crippled the internal systems of six schools within the same academy trust.

Schools are not typically targeted by concentrated attack campaigns like businesses are, butare seen as opportunistic targets due to often weaker cybersecurity defences compared to other institutions.

It’s vital that staff and students understand the threats they face

There is clearly a need in schools and colleges for basic digital hygiene to safeguard vital data. This includes setting up two-factor authentication for educational accounts and keeping computers and software up to date. Regularly reminding students and staff about online safety practices, such as using strong passwords, avoiding suspicious downloads, and recognizing phishing attempts in emails is really important.

Cybersecurity is no longer just the responsibility of a small IT team, users are now on the front line, and its vitally important that students have a basic and general understanding of cybersecurity and how crucial it is.

A recent study revealed that one in seven 15-year-olds is at risk of falling for a phishing email (this is a fraudulent email designed to steal personal information by directing users to deceptive websites). The study, which involved University College London, found that this risk increases to one in five among teenagersfrom disadvantaged backgrounds, with those possessing weaker cognitive skills being most vulnerable.

Schools and Colleges are very rich in data making them seen as easy targets

Professor John Jerrim, the study's author, said that "more needs to be done" to support and educate teenagers who are navigating an "increasingly complex and dangerous online world."

The National Cyber Security Centre has previously warned about the rise in ransomware attacks targeting educational establishments. In these attacks, criminals infiltrate a network and block access to systems through the deployment of malicious software, until a ransom is paid.

While overall ransomware attacks hit a four-year low in the first quarter of 2023, they have been steadily rising since then, according to a threat report by cyber security firm SonicWall. SonicWall said that schools are powerhouses of data, making them attractive targets for hackers seeking to execute phishing and financial scams.

As schools and colleges prepare to resume, cybersecurity should be a top priority, both in terms of budget and mindset, especially as educational institutions increasingly depend on internet-based tools in the classroom.

A spokesperson from the Department for Education stated that it is the responsibility of education providers to be aware of cybersecurity risks and implement appropriate measures, such as data backups and incident response plans."We closely monitor reports of all cyberattacks, and when an attack occurs, we instruct the department's regional team to offer support," the spokesperson added.

How Cyber Regiment Can Help

Cyber Regiment is actively working with educational institutions to help minimise the risk to their data, students and staff. Our state-of-the-art software and services play an active role in helping to detect, monitor and remedy attacks and breaches.

Please contact us to find out more about how we can help you, your business and educational institutions.

‍

‍