Schools & Cyber Security Awareness Month #Besmarterthanahacker

Schools are particularly vulnerable to attacks from Cyber Criminals with 35 this year (to end of September 2023). #Besmarterthanahacker during Cyber Security Awareness month and beyond.  This security intelligence report of a 30 day period from Microsoft shows how education worldwide is in a different category of risk when compared to other sectors.  The cost of cyber breaches within schools is estimated to exceed the cost to all other sectors combined.

As October 2023 is Cyber Security Awareness month and as schools are one of our key sectors, we thought we’d take a look at some of the issues facing schools.

  • The biggest risk is from phishing attacks and in particular ransomware. In 2022 56% of all schools (and 65% of higher education) and been hit by ransomware
  • Emails that appear to be from a trusted person (Business Email Compromise)
  • Often an attack will result in a loss of school service with ransomware attacks leading to loss of coursework, financial records and of access to email accounts.
  • Successful delivery of attacks can raise risk of inappropriate content reaching students.
  • High turnover of students and to a lesser extent, staff, and forever replenishing data – which is attractive to criminals.
  • Schools have an open (sharing information) culture which can mean lower discipline levels to data security than in other sectors.

So, what can schools do to protect themselves?

  • Ensure the Whole School takes Cyber Security seriously from the Head Teacher and Governors down to the newest and youngest student…and that a senior leader has ownership. Have Cyber Security Champions whose role it is to keep awareness high.
  • Budget for Cyber Security.
  • Cyber Awareness training for staff, governors, and students.
  • Ensure Data Protection Policies and Processes are fit for purpose.
  • Have all School owned devices under centralised control.
  • Increase complexity of passwords for all and adopt Multi-Factor Authentication for all users.
  • Adopt a Vulnerability Management programme.
  • Carry out configuration reviews and regular patching.
  • Test weaknesses through regular Penetration testing.
  • Keep a robust and up to date access controls.
  • Strong network security that extends to remote workers.
  • Don’t pay ransoms.
  • Have an Incidence Response Plan so that you are always prepared…
  • Use WatchGuard Security Solutions. As a WatchGuard Gold Partner we would say this – but the level of protection and SIEM like intelligence is perfect for Schools.

Education Cyber Security Awareness Month #Besmarterthanahacker