By Claire Stead, Online Safety Expert at Smoothwall
The series of recent WannaCry ransomware attacks shook the world. Not only did it temporarily take down much of our National Health Service, but it affected more than 100 countries and organisations across industries, and was a bleak reminder that the cyber threat is very real. Without doubt, it opened the eyes of organisations, at all levels in all industries, to the state of security in the digital world, including education.
Regrettably, there are those who would take something as positive and powerful as the internet and the digital world we now live in, and exploit it to cause harm, upheaval and fear. Now, 50% of all crime is cyber-related and ransomware attacks have increased by 600% over the last year, all of which highlights the mounting seriousness that ransomware and other cyber attacks are becoming.
What’s clear is that it’s no longer just big businesses that are vulnerable to online threats. All organisations, large and small, public and private, are potential targets. Unfortunately, this includes schools. Educational institutions need to be taking their cyber security as seriously as a bank would, and make it a top priority ensuring that they have the right measures in place to protect themselves and their pupils from malicious activity.
As of September 2016, it is now required of schools to have web filtering and monitoring solutions in place to safeguard their pupils. They need to be taking a four-pronged approach to ensure they are as secure as possible:
Although cyber security has been largely talked about in the media for some time now, it wasn’t always at the front of mind.
The first step of any security plan is to shift the mind-set in schools. School security needs to be discussed at a board and governor level, with IT departments involved ensuring they are educated as to the risks, and understand the importance of having strong security measures in place. Schools should consider having a security specialist board member so they are regularly kept up to date with the latest cyber threats, and have a designated senior member of the team responsible for ensuring that the right measures are being implemented.
It is no secret that human error is the leading cause for cyber security incidents, making up 60% of all cyber-related breaches. Consequently, it needs to be taken seriously by the head teacher, staff and pupils, and a strong security culture must be instilled throughout. This comes with educating both staff and pupils on the risks and the security processes in place to mitigate the risks.
The most common passwords of 2016 were “123456”, “qwerty” and “password”, which are completely inadequate and dangerous
Some simple tips include regularly updating passwords and ensuring that they contain at least eight characters with a combination of lower and upper case letters, numbers and special characters. The most common passwords of 2016 were “123456”, “qwerty” and “password”, which are completely inadequate and dangerous. They are often used for multiple accounts which can cause a domino effect from even one data breach.
Teachers, other members of staff, and pupils need to ensure that they don’t open any emails if they look remotely suspicious. Phishing email scams are designed to look like they are sent from an authentic company, but are sent by scammers trying to obtain personal information to steal money or data. If everyone within the school is that much more educated around cyber security, it can have a great impact on schools’ defences.
Schools need to have a layered security programme, so that they do not rely on a sole provider and can create a robust brick-laying effect that cyber criminals will struggle to infiltrate. Even in schools, having enterprise-grade security solutions in place, beginning with firewalls, encryption, and good security software, should form the basics of a strong defence system.
Even once a school has taken all of these measures, it doesn’t stop there. It is no good to have a security programme installed and to never think of it again. The landscape is developing at an incredible rate, and as a result, schools need to ensure that they are keeping up to date with the latest updates and improvements to remain protected as best they can be.
Cybercrime is not going to wane anytime soon. It has disrupted businesses, elections and of late, healthcare systems – and schools are no exception to the rule
Cybercrime is not going to wane anytime soon. It has disrupted businesses, elections, and of late, healthcare systems – and schools are no exception to the rule. Being protected online is of vital importance in this digital age and needs to be taken seriously, especially when it is children and the younger generation that could be exposed. Schools need to ensure that they are following the four ‘Ps’ and are constantly vigilant in a world of digital predators.