We all know that they do happen and we all hope it won’t happen to us, but cyber threats are real. It is also a fact that schools are being targeted.
The National Cyber Security Centre (part of GCHQ) 2017/18 report on The Cyber Threat to the UK clearly lays out the growing amount of reported cyber-attacks and its belief that “The Internet of Things, and its associated threats, will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity.”
The continued reliance on, and escalating use of, data means that digital security is becoming increasingly important to all organisations, including the education sector.
As Richard Sambrook Smith, Novatia’s Managing Director observes, “Schools and MATs are just as vulnerable to cyber-attacks as businesses and governments. The key to avoiding being attacked is to make your ICT as invulnerable as possible. Hackers are looking for easy ways in, chinks in your armour. It’s your job to make sure the gaps are either not there or too difficult to find.”
Here are FIVE precautions you can put in place immediately to reduce the chances of your Trust or School letting a hacker in. These should be considered in any strategic review of your procedures and systems. For all eleven of our recommended actions, please download our Novatia Note (above).
FIVE actions to take to boost your cyber protection:
- Restrict what any individual can access across the School’s network. Not everyone needs access to all data when they are logged in. Ensure that your systems are managed so that that your users only have access to what they need.
- Use up-to-date antivirus software. Viruses and malware update and change very quickly. It’s easy for the virus creator to update and release a newer version quickly. Therefore it’s essential that your School or MAT keeps its Threat Management systems up-to-date, so they are as effective as possible. You also need to make regular updates to critical systems more often than daily. This reduces the risk of losing data or access to the network.
- Develop policies for the transfer of data. Unmanaged and unencrypted ‘memory sticks’ and external drives can introduce unnecessary risks to a network. They are also an easy way for people to, wittingly or unwittingly, create a security breach (Edward Snowden took the NSA’s data using a usb memory stick). Schools should not only ensure they have clear policies and procedures about how data is allowed to be taken away from the school network but they must also monitor the compliance with these procedures. Consider using cloud storage to move data, where it can be sanitised before it hits the network.
- Ensure everyone knows about cyber security. Cyber-criminals now focus on getting staff to open up “dirty” emails and bring in infected data to the organisation for them. Make sure everyone is vigilant; it just takes one person to open a “dirty” email and you’re all contaminated. It’s also important to ensure that the message of vigilance is re-enforced on a regular basis. Even the most on the ball team members can be taken in by clever hackers.
- Ensure authentication tools are in place for any remote access. Remote access cannot just rely on user-names and passwords. Whilst account locking is useful for brute-force attacks, if hacker has a valid username/password combo then the system will let them login. For remote access consider using a second authentication tool, like a 1-time token which can only be used by the person holding the key. There are lots of systems available, that can be used to help secure remote access.
Finally, cyber threats are ongoing; this means your approach to protecting your trusts and schools has to be ongoing too.
Our Novatia Note on Cyber Security has Eleven practical ways for you to increase your school or MAT’s defences against cyber-attacks.
If you would like more information about any of the points raised or to discuss your MAT’s or school’s approach to ICT, then contact us. Let’s have a conversation.