Year 5 are using laptops for their geography research on rivers. A child’s hand shoots up in the air. “Should I click on this Miss?” the young student asks. Many teachers can relate to this situation.

What is cybersecurity?

The National Cyber Security Centre define ‘cybersecurity’ as an individual or organisation’s ability to reduce the risk of a cyber-attack.

In a rapidly changing world, cybersecurity is fast-becoming a top priority for organisations across all industries, but it is in the education sector, where local school districts are having to overcome challenges to protect not only staff but also their students. Interestingly, the education sector tends to be the most open and honest about its gaps in cyber security.

Children’s digital literacy has developed immensely since the shift to remote learning during the pandemic and schools are now operating alongside online resources every day to deliver high-quality teaching and learning. Just like a cosy reading corner, technology is now a part of the classroom furniture, meaning a school’s ability to resist cyberattacks is paramount.

The types of attacks education faces

A school faces multiple threats to the safety and security of its staff and administrations, as well as its students’ personal data. Here, we walk you through the different types of cyber-attacks your school faces:

  • Malware and website defacement – the most common cyber-attack, malware is software intentionally designed to disrupt, damage or gain unauthorised access to a computer system. In a school context, on average almost half of cyber-attacks will be in the form of malware, whether it be virtual meeting invasion or vandalism to a school website or social media account.
  • Data breach – most of these are a result of human error and it is impossible to completely eradicate the chance of a leak. This type of cyber-attack can lead to a student’s sensitive medical information being revealed or personal data being sent to the wrong person via letter, email or any other form of communication. A data breach can lead to school’s being sanctioned and fined, therefore it is crucial that all staff are aware of the importance of complying with the General Data Protection Regulation’s (GDPR) latest requirements. A policy should be in place for dealing with such breaches.
  • Ransomware – a variant of malware, ransomware is the new risk on the block for education. With a dramatic increase in attacks on schools, ransomware prevents you from gaining access to a device and the data stored on it by encrypting its files. To gain access and decryption, a criminal group will ask for a ransom. Computers can become blocked and data deleted or stolen. Schools’ reliance on external IT systems leaves them vulnerable to a ransomware attack.
  • Disrupted denial of service – an attack designed to shutdown a device to prevent usage, disrupted denial of service (DDoS) attacks will bombard a target with traffic and overwhelm the device until it crashes. This type of cyber-attack tends to target a small number of devices – usually just one. In a classroom context, this might result in student’s being denied internet access or experiencing Wi-Fi disruption. Schools can work with their internet service provider and use network redundancy, which redirects traffic to a target, to mitigate the risk of such an attack.
  • Phishing – these are emails to designed to catch out the busy, distracted user and an attack can lead to ransomware installation and system disruption. Phishing emails can be sent to millions of users directly so it is important that all staff are made aware of this type of attack during a staff meeting. Be on guard and if something doesn’t seem right, don’t click; a motto easily transmitted to your students in lessons.

Steps to prevent attacks

Before we delve into the strategies schools can adopt to protect themselves from a potential cyber-attack, we must mention online safety – the shop floor approach to keeping children safe online. It is important that schools provide their children with online safety sessions throughout the year. Unfortunately – due to timetable restraints and the nature of a busy curriculum – it is often the case in schools that online safety is narrowed into a week of focus or a day of promotion, for example, Internet Safety Day.

However, like most things we learn, consistent revisiting of key concepts and skills ensures students retain new learning into their long-term memory. Inviting external agencies in to deliver student, teacher and parent training should be a yearly practice. Developing students’ awareness of digital literacy and understanding how to keep themselves safe can be covered in the PSHE curriculum. The more eyes trained to spot something ‘phishy’ or potentially harmful, the more robust your school’s approach to cybersecurity.

 

There are a few ways for schools to reduce the risks of staff and students’ safety being compromised.

  • have your most sensitive accounts be given the extra layer of protection with a strong and unique password. The recommendation, however, is to create strong, robust login details for all accounts where possible, whether that be internet-based resources or device logins.
  • Domain Name System (DNS) Security is a solution that helps stop attacks that get through your email security. By understanding how DNS works and its value in protecting a school’s data is the first step to take.
  • To add an extra layer, considered a bonus, is to limit the distractions students have in class by categorising URLs and filtering commonly used websites like YouTube. The safety mode setting on YouTube and any educational firewall will provide even more strength to your school’s cyber security shield. Google SafeSearch is also a useful tool when combating the challenges of internet searching in the classroom.
  • Informing all staff and students to avoid the temptation of downloading free tools or software is an easy strategy to implement. The wrong click of a button could lead to a ‘free download’, for that tool you could really do with, sabotaging school data and downloading its very own nasty virus that can result in all sorts of dangers.
  • Updating your school’s active directory is undeniably important when protecting itself from attacks. Although a laborious task, keeping accounts updated and refreshed with new students/staff and removing past ones closes that door on an attack.
  • Ensure all servers & network equipment access follows best practice. By checking your network’s latest patches at least weekly, you are making sure you are updated and protected.

For more information on how to book online safety training for your school, visit https://www.ecplimited.com/

About the author

Picture of Andrew Timbrell

Andrew Timbrell

Education writer with over a decade of experience in the sector as a teacher and senior leader.

LinkedIn Page