Helping the education sector avoid cyber attacks

28 May 2021 12:58 PM

With the recent increase in cyber attacks within the education sector, here are some top tips to avoid this happening to your school, college or university.

Since late February 2021, the National Cyber Security Centre (NCSC) has identified an increase in cyber attacks within the education sector.

These attacks are predominantly ransomware attacks where cyber criminals use a malicious software to block access to computer systems and threaten to release the organisation’s sensitive data unless the ransom is paid.

Due to the nature and amount of sensitive information that schools, colleges and universities hold, these attacks can have devastating impacts on organisations. 

How can my organisation be attacked?

Ransomware attackers can gain access to your computer systems in a number of ways:

• Distributed Denial of Service (DDoS) – this attack is to cause widespread damage and disruption to the network, having a massive impact on productivity: attacks against online educational resources are over three times more prevalent in 2020 than they were last year due to the lack of security protection when working from home
• spear phishing – this attack is managed via email or electronic communications, in an attempt to scam the individual and to lead them into a bogus website full of Malware, giving the hacker access to a wealth of information 

Other areas of access include:

• phishing
• vulnerable software or hardware
• remote access
• remote desktop protocol
• virtual private network (VPN) vulnerabilities

Why is it important to protect your data?

Data is valuable, and within the education system it is important that the safety of the students and all of the information that you store is not compromised. In the unfortunate event of an attack, data can be used in many ways: 

• financial gain – hackers carrying out an attack on an education institution may do so for financial gain; data can be used as a bargaining tool to extort money. As universities and colleges are handling large amounts of money in student fees, they are a prime target for cyber criminals 
• fraud – data is extremely valuable and can be used to steal someone’s identity or to gain access to their online accounts for malicious purposes  
• espionage – universities are usually centres for research and hold intellectual property. This can be used for personal, economic, political or military advantage. This also poses a large threat to a large volume of personal data and the misuse of information

How can these attacks be prevented?

Useful guidance

Familiarise yourself with the NCSC alert for the UK education sector. The NCSC are the UK’s National Technical Authority for cyber incidents and have a wide range of guidance on their webpage. 

Cyber training

Managing risk isn’t just about having the right technology – people are an important part of risk management too. Raising awareness of cyber security within your organisation can play a vital role in countering cyber threats. Cyber awareness training will ensure that your staff understand the potential threats, the impact they have on the organisation, and the steps they need to take to prevent these threats infiltrating their workspace.

Back-ups

In the event of a cyber incident, having access to recent, tested offline backups will ensure that your organisation is able to recover quickly and to restore data. 

Penetration testing

This can be used to audit and test your IT systems, identifying potential vulnerabilities and recommending effective security countermeasures.

To mitigate malware and ransomware attacks please seek NCSC guidance.

Please report any incidents to the NCSC and seek expert advice. 

How can CCS help?

We have a dedicated cyber security team that can assist with your requirements and help you protect against the increasing complexity of cyber attacks. The Cyber Security Services 3 dynamic purchasing system (DPS) is the only route to market for NCSC-assured services and covers a wide range of cyber services. 

To learn more, visit our Cyber Security Services page or contact the team.  

Don’t forget, you can find a full list of all the commercial agreements we offer, alongside details of how we can help you build policy considerations into your procurement, in our interactive digital brochure.