IT security in schools in the spotlight as cyber attacks rise

Growing concern around IT security in schools has seen the Department for Education continue to enhance its school IT security guidelines in 2024.

2024 looks to be a crucial year for school cyber security. Cybercriminals are finding cunning new techniques and approaches to threaten schools, businesses and organisations of all kinds.

According to an audit carried out by the National Cyber Security Centre (NCSC) and the National Grid for Learning (LGfL) on behalf of the Government in 2022, 78% of UK schools experienced at least one type of cyber-incident.

Brand new data from the Government’s Cyber Breaches Survey 2024 has revealed even more shocking statistics.

Thankfully, many schools are realising that a ‘cross your fingers and hope’ strategy simply isn’t good enough anymore.

Whether it comes from a phishing email campaign, a determined hacker or an accidental virus introduction, at some point most schools are likely to fall victim.

Those that have not yet taken action are urged to do so.

Recent cyberattacks show the importance of planning IT security in schools

Recently, a school in High Wycombe was the target of a security breach.

Cressex Community School experienced a cyber-attack on 22 March, which left the school’s IT system seriously compromised.

“The school initiated their Cyber Response Plan efficiently and effectively.  The school has remained open to students and staff with teaching and learning continuing,” said a school spokesman.

Another school in Kent reported a “serious IT breach” in September 2023 by an “outside criminal organisation”.

“It just goes to show that absolutely no one is safe from cyber-attacks and emphasises the need for vigilance against them,” said Maidstone Councillor Chris Passmore.

These schools got through their ordeals because they had plans in place, so they became aware of the issue quickly and could respond.

A changing cybersecurity landscape for schools

The most recent Cyber Security Breaches Survey 2024 by the Government was released on 9th April.  The survey investigated experiences of businesses, charities and educational institutions over the past year.

The education cyber breaches section revealed a shocking proportion of schools and colleges that identified a cyber-attack or a breach in the past year, including:

  • 52% of primary schools
  • 71% of secondary schools
  • 86% of further education colleges
  • 97% of higher education institutions

In fact, it reveals that education institutions overall are MORE likely to have experienced an attack than the average UK business.

50% of businesses and 32% of charities reported having experienced some form of cyber attack in the past few months.

This makes it critical for schools to cover all aspects, not just some, of protecting their systems, staff and students from malicious digital attacks.

Government school cybersecurity standards

The Department for Education published a set of Cyber Security Standards for Schools and Colleges in 2022, alongside their main set of digital standards for education.  They continue to update them as the cyber threat landscape evolves.

There are 12 standards, and these provide a great checklist for planning IT improvements to increase school IT security.

  1. Protect all devices on every network with a properly configured boundary or software firewall
  2. Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date
  3. Accounts should only have the access they require to perform their role and should be authenticated to access data and services
  4. You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication
  5. You should use anti-malware software to protect all devices in the network, including cloud-based networks
  6. An administrator should check the security of all applications downloaded onto a network
  7. All online devices and software must be licensed for use and should be patched with the latest security updates
  8. You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site
  9. Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack
  10. Serious cyber-attacks should be reported
  11. You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation
  12. Train all staff with access to school IT networks in the basics of cyber security

This may seem simple. Yet most of this activity needs expert professional IT support to execute.

It also requires continual vigilance and monitoring, updating and upgrading of protective measures.

The tools and techniques of cybercriminals evolve continuously. So do the techniques, tools and software solutions we can use to combat them.

What are the biggest school IT security risks?

Research has identified the most common types of security breach in schools. Phishing attacks come first, followed by online impersonation, viruses, spyware or malware.

The results went beyond disabled networks. Attacks also often made important information unavailable, either temporarily or for an extended period.

Phishing attacks included phishing emails sent to staff directly.

They also included staff members being directed to fraudulent websites, and online impersonation, such as malicious actors impersonating (spoofing) school emails.

Schools already face many hurdles – read our overview of 6 IT Challenges in Schools

Seeking cyber security advice and help for IT security in schools

One positive from the latest Cyber Breaches survey is that educational institutions are waking up to the importance of preparedness and planning for cybersecurity.

In fact, they are doing so a little more than the average UK business.

All types of school are taking action – although primary schools tend to have less sophisticated cyber risk management approaches than those in the secondary and higher education areas.

If in any doubt about your school’s ability to withstand a cyber incident, then you need to do the same.

claireLOGIC understands the challenges of IT security in schools.  We provide managed IT services and proactive IT support for primary and secondary schools.

Our team of cyber experts can help you plan and implement better protection for your staff, students, and systems, then keep that protection current and evolving with the changing threats.  They work hand in hand with our team of IT system engineers on school IT managed services and support.

If you’re concerned in any way about your school cyber security, we’d love to listen. Book a call with us today.

claireLOGIC will attend the Schools & Academies show on 1 May – will you be there? Why not visit us on Stand G37 if so.