Cyber Attacks: the very real threat facing schools

Here are some guidelines for schools to follow and useful sources of information to help schools manage the threat and prepare for a worst case scenario.
 

As demonstrated by the recent ransomware attack on Fylde Coast Academy Trust, schools and academy trusts are increasingly becoming a target of attackers. Leaders should consider it more of a case of ‘when’ your school/trust is targeted, not ‘if’.

It is now absolutely crucial to understand the need for vigilance, and to work with your ICT partners to understand roles, responsibilities and what can be done to ensure your school/trust are as resilient as possible, but also what would be needed if the worst happened.

The iCT4 'must' do list of actions for schools and multi-academy trusts:

Enforce

All staff must have ‘Multi Factor Authentication’ for any online service – whether that’s Microsoft (Office) 365, Google, or Apple.  This is where your data increasingly lives, and unless you protect it, it’s open to anyone who can guess your password.

Check

Conditional Access: Can your ICT provider implement controls that prevent access to your cloud data from overseas or known ‘bad actor’ states/locations?

Conduct

Regular Cyber Training: Annual isn’t enough – we’d recommend following the attached on a termly basis to ensure all staff are up to date with cyber ‘best practise’:  https://www.ncsc.gov.uk/information/cyber-security-training-schools

Certify

Consider gaining ‘Cyber Essentials’ certification, a government-backed scheme that helps schools and businesses consider and improve their security position: https://www.ncsc.gov.uk/cyberessentials/overview

Scan

Speak to your ICT team or provider about how they/we can scan for vulnerabilities, as outlined here: https://www.ncsc.gov.uk/collection/vulnerability-management/guidance

Protect

Speak to your ICT team or provider about the protection on all devices and your network. Are all devices protected with encryption and ransomware/endpoint protection, is this actively monitored or just a reactive service

Recover

Ensure backups are reliable, tested and crucially ‘offline’ – this means that a copy of your data is ‘somewhere else’, stored safely away from normal systems and separate from your network.

Plan

Draft an Incident Response Plan with your ICT provider’s input – develop and test it, ensuring you know exactly what to do if the worst happened. If your first impression is ‘I’d call my ICT team’ then this is a good indicator that your plan is not advanced enough and needs more detail as well as regular testing.

Insure

Are you a member of the Risk Protection Arrangement (RPA)?

Check you are covered and ensure you can evidence you have met all pre-requisities for insurance: https://buyingforschools.blog.gov.uk/2023/02/06/rpa-members-if-an-incident-were-to-happen-is-your-school-cyber-secure-and-are-you-covered/

 

The above may seem intimidating and the scale of the challenge may seem daunting, however we are here to help.  The single most important thing you can do is recognise when you need help, query anything you are unsure about and ask questions.  

The key is to be prepared and to have thought all of this through before an attack takes place, not during!

---