Cyber Crime in Schools: Increase Protection and Reduce Risk

The increased cyber crime threat for schools

Cyber crime is on the increase and schools can be particularly vulnerable. Read how you can help protect against this threat.

We are all aware of the threat of cybercrime, yet cyber incidents are on the increase: specialist cyber insurer CFC sees 7 or 8 notifications each day, over 50% of which relate to the theft of funds or ransomware.*

Whilst the majority of schools are not profit driven and may therefore have a lower exposure in that regard, damage to systems can be costly, not to mention the risk of private and confidential information being accessed. Schools can be particularly vulnerable as they have a limited IT budget and often have old legacy systems in place.


How to protect your school against cyber crime

Train staff to recognise cyber crime risk in your school

Ensure your staff receive regular training in relation to the threats of cybercrime and understand the risks involved. Regularly implement password resets and use complex passwords that are harder to crack.

Ensure that staff understand the reporting process should they become aware of a data breach/loss of laptop etc.

Multi-factor authentication for school IT systems

If you can adopt a system that automatically implements two-factor authentication, this will give you additional protection should a password be breached. If not, ensure that all sensitive documents are password protected and follow the protocols outlined above.

Back up data regularly

Regular back-ups of data on your school's IT systems are essential to protect your school in the event of a cyber-attack. Ensure that the back-ups are stored on a separate server to your main data store.

Consider professional cyber crime support and insurance

Having professional cyber crime support and insurance on hand for your school can provide you with an immediate response to guide you through an issue, supporting you through the lifecycle of the incident/claim and getting you up and running as quickly as possible.


Common cyber attacks on schools

Common phishing cyber attacks on schools

  • Phishing attacks are common, where users are tricked into responding to an email that they believe to be from a legitimate source, requesting changes to passwords or changes to account details for money transfers. Phishing is used to gain access to network facilities and can form the basis for a larger full-scale attack.
  • Spoofed emails are a source of phishing attacks, where users are tricked into visiting bogus websites that appear to be legitimate and then enter sensitive information such as passwords or security codes. Cleverly designed subdomains that look like the real thing are used extensively for this type of attack.
  • Spear phishing involves a specific member of staff or the school itself being targeted for sensitive information. Emails from apparently legitimate sources contain links to bogus websites containing malware. The aim is to install malware on your system, with the cybercriminals gaining access to internal resources.

Traditional security methods fail to stop such attacks because of the clever way in which the emails are constructed, enticing users to click links in the belief that they will be unable to access applications in the future if they do not.

To reduce the risk of phishing attacks all members of staff should be trained to identify suspicious emails arriving in their inbox. Email security is essential.

Common ransomware cyber attacks on schools

Ransomware involves data being encrypted followed by demands for large cash payments to release or un-encrypt the data. Some attacks might not be as sophisticated as encryption and may be as simple as the deletion of critical files.



Stopping successful cyber attacks on your school

Staying one step ahead is extremely important to help prevent cyber attacks on your school's systems from succeeding and causing damage.

  • Ensure all systems are patched against security threats and that policies are designed for updates to be installed and not ignored.
  • Test backups regularly and ensure that ransomware or encryption viruses cannot spread to backup locations. Consider cloud backup for off-site protection, if not already in place.
  • Appoint an individual (a member of staff, an external agency or a governor) to ensure IT systems are working to best practice.
  • Make sure networks are properly secured and Wi-Fi access is restricted and controlled.
  • Enforce regular password changes across your networks.

Many will see these steps as a hindrance to their daily routine, but the potential risk to the school is far greater than the few minutes it takes to change a password or double check a suspicious email.


Cyber insurance for your school

Schools can insure against potential losses due to cyber-attacks, but some 'cyber add-ons' to policies give very limited cyber cover and are inadequate compared to a properly structured cyber insurance policy.

We can provide cyber insurance for your school which can include:

  • Incident response costs
  • Regulatory actions and investigations and court attendance costs
  • Business interruption from network downtime
  • Extortion where a third party threatens to damage or release data if money is not paid to them
  • Parent or third-party notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
  • IT security and forensic costs
  • Repair, replacement and recovery following system damage
  • Cover for fines under data legislation (where legally deemed insurable)
  • Crisis and media management services
  • Funds transfer fraud


Cyber risk management services

In addition, our policies can provide risk management services including breach monitoring (searches the dark web for information specific to your school); building an incident response plan; and risk awareness training.

Consider paying for a full penetration test of your network, both inside and out. Penetration testing will look for weaknesses in your network, in staff training and understanding of potential threats through phishing, and in update policies and patch roll-outs.

At a minimum, conduct a Cyber Essentials assessment. If your IT department is reluctant to allow such a test, then you may already have security issues that need to be resolved.

Having the ability to restore business data quickly and easily to maintain business continuity and reduce downtime is critical. Regularly test data recovery and bare metal restores. How long do you realistically expect it to take to get your school back up and running?

The risk of cyber-attacks is greater than ever with the perpetrators using ever increasing levels of sophistication to trick users and gain access to services:

  • Acknowledge your vulnerability and future responsibilities.
  • Ensure that the appropriate resources are provided, and the correct training given.
  • Define a proactive cyber resilience strategy to mitigate the risks; never assume you will not be targeted at some point in the future.

If you have concerns about your IT systems and a lack of transparency, then consider an independent IT audit to look at staffing, skills gaps, processes, backup strategy, resourcing, budgets and service delivery for both administration and teaching. Problems at this level can lead to bigger issues with the underlying IT infrastructure.


Cyber insurance for schools from Towergate

For help and advice regarding cybercrime, including purchasing our cyber insurance, please get a quote online or contact us on 01438 739 626.


About the author

Jo Taylor is a respected insurance industry leader with over 15 years’ experience working with both education and the public sector. She is responsible for supporting her clients on all things insurance and risk related, and is also a mental health first aider qualified through Mental Health First Aid England.

* Source: CFC 2019 claims notifications