2nd September 2020

Cyber Security in Schools

In recent months schools have been targeted by ransomware, causing lots of distress and affecting the school’s ability to operate. It is crucial that schools take the situation seriously, have a plan in place to reduce the chances of it happening, and know what to do if it does.

What is ransomware?

Ransomware is malicious software (malware) that gets onto school devices and the network, usually through an email, an embedded file or software downloaded from a website. It then runs through your network, infecting everything on it, with the aim of stealing or encrypting data or locking you out so that you cannot access anything. The attackers then ask for payment to restore the situation or release the data, holding you to ransom. Even after payment is made, access or data may not be restored. It usually takes weeks and sometimes months to get all the systems back up to working order.

How to protect your school

You cannot completely protect your school from being targeted, and you should always have in your mind that it will happen. Put regular steps in place to mitigate the risks, and have a strategy for when it happens.

Regularly check:

  • Your data is backed up to a server that is NOT connected to the network. It needs to be separate so it does not get infected if you are attacked. This service might be provided by your LA or IT support provider. Double check the provision and ask for details. Do not assume it is being done.
  • Most backup services are in the cloud. Make sure yours is set up to protect your data. Dropbox, SharePoint, OneDrive and Google Drive may not provide complete protection and should not be used as your only backup. Please read: NCSC guidance on Offline backups
  • Backups are done regularly. Your last backup is the one you will resort to if something goes wrong.
  • Check your network services protect you: email filtering, intercepting proxies, internet gateways and safe browsing. Again, check with your LA or service provider that this is covered and always kept up to date.
  • Devices are protected with anti-malware and antivirus software. Again, it is critical that they are kept up to date with the very latest versions.
  • Update the operating software on all devices and servers used on your school network; this includes devices that go between school and homes.
  • Employ multi-factor authentication on laptops / devices (asking for two forms of ‘ID’ to access the device or service). The NCSC document on Multi-factor Authentication looks at the different options you can use. Ideal for all staff, but essential for staff with access to sensitive data and technical admin rights to the network.
  • Block unapproved software or app downloads.
  • Train staff to be wary of anything that looks suspicious, especially emails that come from unknown senders or from someone pretending to be an organisation you normally deal with. It’s good to question. Get a second or third opinion, and ring up the company (using the contact details on their website) if you are unsure. NCSC now have a staff training package you can use to ensure all staff are aware of the risks.

If you are unfortunate enough to have an incident, here is guidance on what to do:

  1. Start your incident management plan – not got one? Guidance here
  2. Contact the NCSC, via https://report.ncsc.gov.uk
  3. Contact your local ROCU and Action Fraud, via https://www.actionfraud.police.uk/
  4. Inform the Department for Education at this address: [email protected]

There are now quite a few support documents available to help schools with this topic, and your LA might also have a team available to provide support and guidance.

The National Cyber Security Centre (NCSC) is the first port of call for guidance documents. They have some that are specific to schools and that cover all the threats, mitigation and what to do if you have a cyber security incident.

Practical tips for everyone working in education

Cyber security risk management guidance

Questions for school governors

The NEN also have some school-specific documents that cover common cyber threats, a checklist and a ‘What if’ document.