The recent BBC investigation which highlighted the leaking of highly confidential documents from 14 schools emphasised the need for the education sector to be extra vigilant with their cyber security.
Schools are being targeted by an organisation called the Vice Society. They are actively targeting the education sector, with 14 schools’ data listed on its site in 2022.
The organisation has built a detailed knowledge of the sector by frequently targeting schools. It chooses its victims carefully, gains initial access, steals the data and then makes its demand. The data is then leaked on a website if payment is not made.
Documents stolen from Pates Grammar School, one of the latest victims, included passport scans of pupils and parents from a school trip and staff contracts.
Prevention is always better than cure
It may seem like an obvious statement, but it is certainly true in this case. Simon Page, CCO at ILUX comments: “Once you have received a ransomware demand, it’s almost too late to mitigate. They may well say that if you pay the ransom, you will get your data back or it won’t be leaked. But in reality, you have no guarantee that this is true. If someone stole your bike and said you could have it back after transferring them £100, would you trust them to return it?”
Anti-Spam, Anti Malware, Web Protection and Firewalls will monitor for signs of suspicious behaviour on your network. Your IT provider should offer you a package of measuring and monitoring that will keep you secure. However, most new threats are unwittingly triggered by your staff falling prey to the online scammers, so it’s vital to have robust, comprehensive security and backup protection in place. Keeping one step ahead of potential threats means that your business can avoid the worst happening should a compromise occur.
Below is a list of resources that will give you some practical guidance:
Five top tips – Phil Abrie, ILUX Technical Director shares his top five tips to keep your business secure
Seven layers of cyber security – Simon Page talks through an effective layered approach and how it relates to your business
The National Cyber Security Centre (NCSC) offers comprehensive training for staff and a specific course for schools
The buyer’s guide to phishing – a simple and practical guide to help you spot phishing scams
Phil said: “The best piece of advice I can give schools is to train your staff, regularly. Make sure they are aware of threats, instil a “think before you click” philosophy and make cyber security part of their everyday routine.”
ILUX is offering all education sector organisations a review of their cyber security. We will look at all your existing layers of protection and produce a detailed report of where you are exposed and what steps you should take to enhance your security. Click here to book an initial 15-minute call to find out more.