What is a Cyber Attack?

A Cyber Attack is the process of attempting to steal data or gaining unauthorised access to computers and networks to carry out a data breach. The goal of a cyber-attack is to either disable the target computer and take it offline or to gain access to the computers data and infiltrate connected networks and systems.

Any school can fall victim to a Cyber Incident regardless of its size. The networks are used by many different users and devices.

What is Cyber Security?

Cyber Security is to protect the devices we all use in our everyday lives.  From Smartphones, laptops, tablets, and computers.  It protects the services we access both online and at work from unauthorised access to the data we store on said devices.

Why is it so important?

We are now able to do most things online nowadays, from online banking to the weekly shop. From online zoom classes to social media.  It is therefore even more important to protect ourselves and our organisation from cyber criminals getting hold of data, services, and accounts.  It protects all categories of data from theft and damage.  This includes sensitive data, personally identifiable information, and asset data.

What can we/I do to protect our school?

Protecting yourself and your school from cyber security risks can seem like an enormous job that you just do not have the time to do, however these quick simple steps below could help you from falling victim to cybercrime and causing major disruption to your school.

1. Data Back Up

You should take regular backups of your data and make sure that these backups are recent and can be restored. When backing up your data, identify the data that you need to back up.  Keep it separate from your computer, whether this is on a USB stick or a different computer.  This should not be shared with any other members of staff.  Try and make backing up data a regular occurrence. Most networks are now able to do this automatically.

2. Protecting your school from Malware

Malicious software (also known as Malware) is content that can harm your school.  Malware is usually a virus that infects your software.  Make sure that you install antivirus software on all computers and laptops. If apps need to be downloaded, these should be from a manufacturer approved store such as Google Play or Apple App Store. Make sure to switch on your fire wall as this will monitor incoming and outgoing network traffic and block malicious traffic such as viruses and hackers.

3. Smartphones and tablets

Smartphones and tablets are now as powerful as traditional computers, and because they are leaving the workplace and home, they need more protection than ‘desktop’ equipment.  Always enable fingerprint recognition if your device allows for this.  Passwords should be suitably complex as opposed to easy (one that a criminal could gather from your profiles on social media).  Do not connect to unknown Wi-Fi hotspots, these hotspots could be controlled by anybody and quite easily then be able to access your private login details.  If you are not sure, and you need to be online then be sure to use your mobile network.  Make sure that lost or stolen devices can be tracked, locked, or wiped by turning this on via mobile device management software.   Finally remember to keep your device and apps up to date as these will contain security updates.

4. Passwords

Passwords when implemented correctly are a free, easy, and effective way to prevent unauthorised users accessing your devices. It is common knowledge to use passwords to protect your devices and data but by putting some thought into creating a strong password makes it less likely that someone will be able to guess your password.  Avoid using simple predictable passwords.  Whenever possible, use the two-factor authentication for any of your accounts.  It adds a large amount of security for not much effort.  It requires 2 separate forms of identification to access something. Most commonly the first is a password, followed usually by a text with a code.  A common mistake is not changing the default password that is issued with the device.

5. Phishing

Phishing is commonly a fake email sent to thousands of people asking for sensitive information (such as bank details). These emails can seem legitimate and can often seem as though they have come from a trusted well know company.  Phishing emails are getting harder to spot and some will get past even the most observant users. 

Check for the obvious signs of phishing emails.  Many of these emails originate from overseas so the spelling, grammar and punctuation can be poor. One of the most common tricks is to include sending an invoice for a service that you have not used. If the email is not personalised with your name, and just includes ‘Dear colleague’ the sender probably does not know you and may well be fake.  If the email appears too good to be true, then it usually is!

Configure your staffs accounts to ‘least privilege’, so that if they are the victim of a phishing attack the potential damage is reduced.  Finally make sure that all staff are encouraged to ask for help if they think they might have been a victim of phishing, especially if they haven’t raised it before.  Do not punish staff if they get caught out, it will most certainly discourage people from reporting it in the future and can make them so fearful that they spend a lot of time and energy scrutinising every single email that they receive.

If you do believe that your school or organisation has been a victim of online fraud, scams or extortion, you should report this through the Action Fraud Website

This information has been taken from the NCSC Website