30th January, 2023
The Education Sector has always been highly targeted by cyber criminals and an increasing number of schools and colleges are now being seriously impacted by security incidents. Senior leaders and governors need to be aware that cyber security is an important management and governance issue. Poor cyber hygiene can affect a school’s ability to function, its reputation and its legal obligations to keep its pupils, staff, and parents’ personal data safe. With 47% of UK schools feeling underprepared for a cyber-attack we look at some of the challenges faced by schools.
Why are Schools & Colleges Targeted?
The primary focus of schools & colleges is education and care, not cyber security. Security often goes under the radar and falls to under resourced IT departments, becoming easy targets for attackers. The information that can be obtained can be valuable and the reputational damage irreparable.
The key reasons for schools and colleges being targeted:
- Sensitive Nature of Personal Data Held - Schools collect and store a lot of personal information about staff, parents, and students including sensitive information such as grades, medical records, and contact information. This data can be valuable to cyber criminals, who may use it for identity theft, financial fraud, or other forms of exploitation.
- Lack of Security - Schools often have limited resources to invest in cyber security and will not have the same in-house expertise as enterprises. This can make schools an easy target for cyber criminals who look to exploit vulnerabilities in school IT systems.
- Outdated Technology - Many schools use outdated technology, such as unsupported software and hardware which can often be much more vulnerable to attack. Schools may not have the resource or budgets to upgrade their technology regularly which can leave them exposed.
- Intellectual Property - Research data and Intellectual Property held within Higher Education establishments can be of great interest to nation-state actors. Maintaining the integrity of research data held can be critical for the future and ensuring that data is properly protected against theft, alterations or deletion is extremely important.
Cyber security should be high on the agenda for any school with a reliance on IT and online systems.
Both the school leaders and the governing body should want to ensure they are fully aware of cyber risks and have adequate precautions in place to protect against a cyber attack and be prepared should the worst happen.
Schools will already be following similar approaches when it comes to managing risks and responsibilities around GDPR and safeguarding pupils more generally, so the same needs to be applied to Cyber Security.
The key challenges are:
- Limited Resources - Schools often have limited budgets and staff, which makes it difficult to implement and maintain effective cyber security measures. This can leave schools vulnerable to cyber-attacks and data breaches.
- Lack of Awareness and Training - Many teachers and school staff may not have the knowledge or training necessary to recognise and respond to cyber security threats. This can make it difficult for schools to identify and address security risks, leaving them vulnerable to attack.
- Remote Learning - With the increase of online and remote learning, especially prevalent during the COVID pandemic, schools must provide access to their systems and resources from outside the school network which can increase the attack surface for cyber criminals.
- Use of Cloud Services - Remote learning has brought about the widespread use of cloud services to enable learning remotely. Unless configured securely and regularly reviewed, these platforms can allow for attackers to gain access to sensitive data via an alternative means.
- Lack of Technical Controls - A recent report released by NCSC and LGfL highlighted that many schools are not implementing basic security controls such as Multi Factor Authentication (MFA) and Device Level Control. These are commonplace in enterprises, but a similar approach is needed in schools.
- Insider Threat - Some pupils may deliberately engage in malicious activities such as hacking into school systems.
How can Telesoft Help?
Telesoft’s Managed Threat Detection and Response for Schools service provides complete network visibility across On-Premise IT and Cloud Hosted applications with 24/7 human-led threat hunting, compromise assessment, rapid alerting, and threat containment.
Our Managed Detection and Response (MDR) services help by providing active monitoring and response to cyber threats, by detecting, investigating, and mitigating malicious activity before it causes significant harm.
- UK Based Security Operations Center
- 24/7 Human-Led Threat Hunting & Compromise Assessment
- Rapid Alerting, Threat Containment & Remediation
- Experienced, Vetted Cyber Analysts acting as an extension of your team
- Enhanced protection against Phishing/Fraudulent Emails, Ransomware and Malware, Service Affecting Attacks (DDoS), Suspicious Activity, Data Exfiltration, Information Leaks and more.
- Access to our Cyber Analysts during the year for talks, presentations and hands-on workshops using our cutting-edge technology to enhance learning and provide security awareness.
Get in touch with our team today for more information - email@example.com