We’ve all experienced some kind of cyber-crime attempt, whether by email, by SMS, or through any of the increasingly clever methods cyber-criminals are devising these days. As technology gets smarter, so do the cyber-criminals, and the damage they cause can be huge, especially in schools.
We’ve already spoken about the increase in schools being targeted by ransomware, and Dataspire is here to help any school that falls victim to a cyber-attack. But because “prevention is better than cure”, we want to ensure you have all the information at your disposal to proactively shield yourself and build your school’s cyber-defence.
Advice and Guidance
If you are looking for it, there’s lots of advice and guidance around, so much so, that it’s often difficult to know where to start. So let’s start at the beginning:
What is ransomware?
Ransomware is malicious software (malware) that enters your IT system and prevents you from accessing your data or your devices by encrypting them. Once the data is encrypted, victims are usually held to ransom with threats of disclosure or non-access in exchange for money, more recently demanded in Bitcoin or other types of cryptocurrency. Once the ransom is paid, the victim might be given a decryption code so they can access their data and device or prevent disclosure, but as this activity is perpetrated by criminals, there are no guarantees they will even provide a key. For a school network, this can cause even bigger issues: once the ransomware enters the system, it can spread to other devices on the network, restricting and ultimately stopping access for all users.
In the early stages, hackers used a scattergun approach, targeting anybody and everybody with random messages and hoping for success. More recently, they are using more personalised tactics that are likely to provoke a more connected and emotional response to catch you out. Hackers are also now targeting larger organisations, e.g. schools, as opposed to individuals, so that they can demand larger ransoms.
The thing to note is that even if the ransom is paid, there are no guarantees whatsoever that the data will be released. Paying the hackers can also lead to repeat incidents as those victims are often noted as vulnerable and “soft” targets.
So, what can schools do?
Well, because every school is unique, you may have different systems and services already in place to defend and protect your network. But as cyber-crime continues to evolve, prevention isn’t as simple as “setting and forgetting” a solution.
Ask yourself these questions:
- Is your school prepared for a ransomware event?
- If your school was to be attacked tomorrow, what would you do?
- How do you monitor your network for irregular or malicious activity?
There are some effective steps that schools can take to help protect against cyber-crime, such as:
Effective antivirus and security software:
Your antivirus and security software setup should protect you from malware, ransomware, exploits and viruses. A good antivirus will be able to detect and block both known and unknown malicious software. It should also protect your devices such as desktops, laptops, servers, tablets and mobile devices across all major operating systems.
Most antivirus will detect and remove threats before you encounter them and will help you to act before the risk becomes too great.
It is important to remember that ransomware operates in a different way to other attacks. It can find its way in through emails that initially appear to be from an internal colleague or from a third party with seemingly correct or relevant information, asking you to click a link. Once clicked, this link triggers the start of the ransomware. Your security software should absolutely be looking for this specific type of activity and protecting you from it. Standard antivirus simply does not look for ransomware activity and treats it as a normal operation.
Dataspire recommends Sophos Intercept X as it is unrivalled in its ability to noiselessly detect and address any ransomware associated activity. Without a doubt, it is the most effective cyber-security protection on the market. Speak to us for details.
Who has access to your network and how much access do they have? Schools should be very specific about who can access their network and at what level. This includes your wireless network as hackers will use all kinds of entry points to attack your system. By knowing (and restricting) access to your network, you can identify irregular activity, e.g. why is that user accessing files or devices that they usually wouldn’t?
Ensure you have tight policies restricting privileged access and locking down accounts that shouldn’t have unrestricted or unfettered access. Challenge requests for “full domain admin” accounts, confirm exactly what the account needs to be used for, and offer elevated access rather than full privilege.
Application (black/white) Listing a.k.a Software Restriction Policies (SRPs):
Application Listing is where you create a policy that allows or rejects specific apps and programmes being added to your network. This can be put in place to restrict uploads to your network, whether online or via external devices such as memory sticks. Schools should ensure that applications and services that do not need to be run remotely do not have that capability.
A good backup solution will protect your data from fire, flood or theft, disk corruption/failure and hardware failure, let you recover deleted files and recover from failed upgrades, and of course protect against data lost due to ransomware. It may take time to recover, as you will usually need to complete a full network recovery, but solid backups will protect your data.
The NCSC recommends the 3-2-1 rule. Make 3 copies, store them in at least 2 locations, with 1 being offsite. This allows you to be certain that your most important data is safe from incidents.
As a foundation, schools should:
- Implement a backup solution if you don’t already have one.
- Decide what data you would like to back up (what data is most important?) and ensure that the backup happens right away. Of course, you can back up as much data as you like, but it is crucial that your essential and sensitive data is secured first.
- Understand what your backup service provides. For example:
  - Are backups restorable and recoverable?
  - How quickly can you find and recover the most important data?
  - Do your backups return everything that you put in?
- Test your backups. It’s all well and good ticking the box to say that you have data backup, but when did you last test it? How do you know how easy it will be to action any of the above? The last thing you want to do is wait until an incident to find out, so test your backups, and do so regularly.
- Finally, with so many schools implementing the DfE’s offering of a digital education platform, this data will need backing up too. Shifting to remote learning was challenging enough without having to start from scratch due to data loss. Check that your backup solution can also back up Google Workspace for Education and Microsoft 365.
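As an added example (not part of the original article and not Dataspire's tooling), one way to answer "Do your backups return everything that you put in?" is to record a SHA-256 manifest when the backup is taken and compare it with a test restore. The folder layout and file names below are constructed sample data, and the function names are illustrative.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h = hashlib.sha256()
            with p.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            out[p.relative_to(root).as_posix()] = h.hexdigest()
    return out


def verify_restore(expected: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Compare a manifest recorded at backup time with a test restore."""
    actual = manifest(restored_root)
    both = expected.keys() & actual.keys()
    return {
        "missing": sorted(expected.keys() - actual.keys()),      # not restored at all
        "changed": sorted(k for k in both if expected[k] != actual[k]),  # corrupt/truncated
        "unexpected": sorted(actual.keys() - expected.keys()),   # not in the original set
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a 'live' share and a deliberately faulty test restore."""
    files = {"mis/pupils.csv": b"id,name\n1,A\n",
             "finance/budget.xlsx": b"\x00budget",
             "staff/rota.txt": b"Mon\n"}
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for rel, data in files.items():
            for root in (live, restored):
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        expected = manifest(live)                                    # taken at backup time
        (restored / "staff/rota.txt").unlink()                       # file the restore dropped
        (restored / "finance/budget.xlsx").write_bytes(b"\x00budg")  # truncated on restore
        (restored / "stray.tmp").write_bytes(b"x")                   # file that was never backed up
        return verify_restore(expected, restored)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or 'none'}")
```

A restore test passes only when all three lists are empty; store the manifest separately from the backup it describes so that both cannot be lost or altered together.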
The Dataspire Backup solution helps to protect schools’ data from cyber-criminals and simple human error. It allows you to access your data completely and immediately, and because it is stored in the cloud we offer the ultimate security and scalability so that as your data grows, so too will your storage. And yes, this does include your digital education platform. Speak to us for details.
It’s absolutely vital for schools and ALL school staff to understand cyber-risks and how to better protect yourselves online, and by learning how to manage these risks, your school can reduce the chances of being impacted by a cyber-attack.
We’ve already spoken about how cyber-crime continues to evolve and so regular training and updates will provide your colleagues with the tools and skills needed to identify possible risks and ensure your school data is protected. It’s also absolutely key to ensure you push out reminders on best practice with guidance such as:
- Do not click on emails you don’t recognise
- Check with the sender if an email is asking for data or getting you to click a link that is unusual or just unexpected
- Change your password regularly and ensure it is complex
- And if something feels strange, it usually is.
If you feel your staff could benefit from a refresher on cyber-security best practice, we can help. We can work with your school or a group of schools to provide the latest advice and guidance, so please speak to us for details.
Develop/Review your Business Continuity Plan:
As with all other processes and policies, schools should make a Business Continuity Plan just in case all the other plans don’t work.
Consider this: are all of your staff aware of the steps to take in the event of an attack?
Make a plan that outlines all of the above as well as what to do in case of a ransomware event. It’s essential to have a plan in place because it’s not just about protecting the school from malicious attacks; your Business Continuity Plan also provides additional support for internal incidents such as accidental data loss.
All-round cybersecurity best practice will also help your school in terms of data protection, safeguarding and in more ways than you can imagine, as it’s all connected.
Why is this important now?
This is even more important now because the NCSC has seen a 300% increase in attacks on organisations, and because we know that teaching and learning is becoming increasingly reliant on technology regardless of the subject. It also impacts the daily management of school business operations such as finance and administration, and even communications with colleagues and parents.
By forming good habits now, you can help to protect your school from issues later down the line. It’s not just an issue that should be passed on to your IT support or provision. It needs to be taken seriously by all school personnel, as it overlaps with guidance and instruction from Keeping Children Safe in Education and your Prevent Duty.
Cyber-security is about governance and whole school awareness.
For more support:
For more guidance on cyber-security in schools, feel free to get in touch. Our team can provide additional support on your antivirus and backup needs, staff training opportunities and support on the administrative and procedural sides of your cyber-defence.