top of page

The education sector remains prime target for cybercriminals

Schools, colleges and universities continue to be prime targets for cybercriminals, but the problem can be mitigated...and we can help!



Cyber attacks against the education sector show no sign of ending. We've seen attacks on colleges, universities, primary schools and secondary schools nationwide, and here in the East Midlands, with a college - who have asked to remain anonymous - being attacked by a major threat actor.


These attacks have impacted schools in various ways, with some schools facing tougher repercussions than others, from having to delay the start of term, to huge data breaches.



Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or by tricking somebody into installing it via phishing emails.




Why do criminals target the education sector?


Cybercriminals are deploying ransomware to encrypt your sensitive data, as it will have the biggest impact on your services. This can affect staff and students’ access to computer networks, as well as services including email systems, payment systems, phone applications and websites.


Every school holds valuable information just like any business; student medical records, parents contact details, bank details, exam grades and teachers’ personal information. This information is valuable to the criminals behind the attack, as they can publicly leak the data online or sell the data to cybercriminal forums and dark web marketplaces for additional revenue.


How can I protect my organisation from a ransomware attack?


  • Always back up your data, restoring files from a backup is the quickest way to regain access to your data.

  • Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

  • Have your IT department regularly scan emails and systems for malware.

  • Only download files from trusted sites - this includes applications for phones and tablets.

  • If you are using public Wi-Fi, always use a VPN.

  • Do not plug in unfamiliar USB devices.


How can the East Midlands Cyber Resilience Centre help my school?


To help the education sector outsmart cybercriminals and toughen up your cyber security, we can provide businesses and organisations with guidance to help improve cyber resilience.


We encourage schools, colleges and universities in the East Midlands to become part of our community, initially by simply requesting a free information pack, and to download practical resources and tools that will help you identify your risks and vulnerabilities. By joining our community, you will also get regular updates on new threats and can train your staff and help them to integrate security measures into your organisation.


We also host webinars, bringing in key speakers from the world of cybercrime, be that police, local authority or subject matter experts. These webinars are aimed at both teachers and school IT departments and contain a myriad of important guidance, advice, techniques and case studies, with a focus on making your school more resilient.

 

Further reading

Have a read of these case studies below...

 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


 

Comments


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page