Since the start of the Covid-19 crisis, many schools and colleges have been relying on video calls, extranets and remote access to servers more than they ever considered possible. Getting used to new ways of working, and making rapid changes, has allowed cyber criminals to take advantage of the confusion. In a rare public statement, the National Cyber Security Centre (NCSC) has issued a warning over the threat of Covid-19 related scams. The government agency, which is part of GCHQ, noted that there has been a sharp rise in cyber attacks that take advantage of the panic and uncertainty caused by the pandemic. Paul Chichester, the NCSC’s Director of Operations, said: “We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak. Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.”
Earlier this year the Department for Digital, Culture, Media and Sport released the Cyber Security Breaches Survey 2020. Whilst these annual surveys have been published since 2017, this was the first time they have included educational institutes. The results were surprising and suggest that secondary schools and further and higher educational institutions are more likely to have identified cyber breaches or attacks against them than UK businesses in general. This recent case study from CFC Underwriting demonstrates how a hacker managed to gain access to a school's system via the remote desktop protocol (RPD).
The most common form of attacks against schools are:
With these levels of attack against schools and the increased vulnerability caused by Covid-19, cyber security needs to be a high priority for governors and senior leaders.
The most common risk that cyber criminals pose is the attempt to lure home workers to click on malicious files or links. This type of attacking, known as phishing, rose by an unprecedented 667% in the UK over the month of March.
The National Cyber Security Centre website has a wealth of information and guidance to help you consider the cyber risks that you face and how to manage them. They also have some education specific resources that can be found here.
A 2019 school cyber security audit showed teachers and support staff did not feel very knowledgeable when it came to cyber security. The survey highlighted an appetite for more staff training, and new resources to help bridge this knowledge gap. See the useful links below for the report.
All schools should have a cyber security policy. This should include:
As part of overall cyber plans schools also need to consider other factors such as cyber safeguarding of children and educating and protecting children from cyber bullying.
National Cyber Security Centre & London Grid for Learning – Cyber Security Schools Audit 2019
Top of The Class LGfL Cyber Security Report
NCSC common cyber attacks
NCSC 10 Steps to Cyber Security
NCSC – Practical tips for everyone working in education
Ecclesiastical Cyber Security Guidance Notes
Cyber threats to schools and colleges
Thursday 11 June
If you would like any further advice or have any queries on the above, please get in touch with our education specialist, Mark Rose:
07841 430 237 | [email protected]
Posted by mark rose on
3 June 2020 at 12:00 AM
Covid-19 Education, Education
Homepage Featured, Schools and Colleges
Charity and Care
Health and wellness
Home and Contents
Museums and Visitor attractions
Parents and Pupils
Schools and Colleges
Yachts and Boats
Health and safety
Home and contents
Small business and start ups
Read article >