One in five schools and colleges have fallen victim to cyber crime, according to research from the specialist insurer Ecclesiastical, yet the majority (74%) of educational establishments claim to be “fully prepared” to deal with such attacks.
This discrepancy between perceived preparedness and reality is particularly alarming when you consider the sensitivity of the data that schools hold on pupils, parents and staff, which could be compromised through the careless actions of untrained employees.
According to Ecclesiastical’s research, of those that suffered a cyber attack, 71% downloaded malware and 50% experienced phishing attacks. Both exploit human error.
Cyber Essentials and Cyber Essentials Plus
The survey found that data losses (82%) and remediation costs (47%) were the biggest concerns, followed by reputational damage (37%).
In spite of these concerns, the survey found that only 14% of schools and colleges have implemented the UK government’s Cyber Essentials scheme.
The remaining institutions would do well to follow their example: the scheme sets out five security controls that can be deployed to help prevent around 80% of common cyber attacks. Better still, complying with the scheme’s requirements is affordable even for those organisations whose security budgets are tight.
There are two levels of certification to the Cyber Essentials scheme: Cyber Essentials and Cyber Essentials Plus.
- Cyber Essentials requires an organisation to complete a self-assessment questionnaire, which must be signed off by a senior member of staff and then verified by an external certification body. An external vulnerability scan is also required if the school chooses to be certified by a CREST-accredited certification body such as IT Governance.
- Cyber Essentials Plus requires a more advanced level of assurance. In addition to meeting the requirements of Cyber Essentials, organisations must undergo an internal assessment and internal scan conducted on-site by the certification body.
Phishing and ransomware e-learning course
Schools and colleges might also be interested in our ten-minute Phishing and Ransomware – Human patch e-learning course, which teaches the basics of mitigating phishing attacks and ransomware.
Equipping your staff with an understanding of phishing and ransomware attacks and how to prevent them means you can significantly reduce the risk of falling victim.
Having completed the course, staff will be able to:
- Explain what phishing is.
- Outline the consequences of a phishing attack.
- Describe ransomware and crypto-ransomware.
- Identify how to avoid falling victim to phishing attacks and ransomware.
- List the steps to take if they think they’ve been compromised.