Making your school’s cyber security stronger

We’re living in an age where many of the most damaging and ruinous crimes occur online and in the digital space. From data breaches to malicious attacks, and from procuring and trading private records to bringing down health, transportation and banking networks, cybercrime is invisible, insidious, and expensive to deal with.
With every device available, there are cyber risks to mitigate. Smartphones and computers are all vulnerable and ripe for data picking unless better security and protection can keep out the cyber villains. The global cost of cybercrime is predicted to be $10.5 trillion by the end of 2025 (Cybercrime Magazine, 2020).
And it’s not just a dilemma for businesses and corporations – the education sector has its own set of cyber problems to address, and vulnerabilities to protect. In this article, we look at the stories and data on education cybercrime, the typical types of cyber-attack, the most useful preventive tips and advice to avoid falling victim, and why you need to consider a robust cyber insurance solution for both protection and payout, should cybercriminals infiltrate your systems and devices.
Schools under attack: The latest numbers and facts from the UK Government
Of the institutions included in a cyber survey carried out in winter 2023/24, with the qualitative element in early 2024:
- 52 per cent of primary schools identified a breach or attack in the past year
- 71 per cent of secondary schools identified a breach or attack in the past year
- 86 per cent of further education colleges identified a breach or attack in the past year
- All other education institutions were more likely to have identified cyber security breaches or attacks in the last 12 months than the average UK business.
- Further education and higher education institutions are more likely to experience breaches and attacks than schools, and to experience a wider range of attack types, such as impersonation, viruses or other malware, and unauthorised access of files or networks by outsiders – which we’ll cover shortly.
- Higher education institutions are more likely to be affected by cyber-attacks – 97 per cent identified a breach or attack in the past year. Just under six in 10 of the HE institutions identified that they’d been negatively impacted by a breach.
And in a different survey carried out by digital security business ESET, there’s further cause for concern over cyber risk and awareness in education. Results showed that seven per cent of institutions operate without any annual cybersecurity budget, while a third of education institutions surveyed do not even have the basic protections, including antivirus software and strong password policies.
Phishing for information
Phishing is when a cyber-criminal sends a message or alert that’s actually a scam. The recipient is directed to a link or bogus webpage, and if they follow this course of action, there is likely to be malicious content at the least or, at worst, personal and financial details captured without their knowing consent. Within education, this may begin with a member of the school admin team unknowingly opening an email or attachment from someone they believe to be a trusted source, but this breach of trust may quickly escalate to involve teachers, parents, and pupils – all of whom may have had data compromised as a result of the initial phishing scam.

There are also some phishing subsets to be aware of:
- Spear phishing
A spear phish targets a specific individual, often a specific person in an organisation, and will often contain information about their personal and work life. The phisher presents convincingly crafted insider knowledge in an email or SMS in order to obtain even more information. The purpose is to infect a system with ransomware or a virus.
- Whale phishing
Whale phishing takes this up a level, targeting senior executives of organisations, or in the case of schools, the senior leadership team or those who have access to finances. The techniques and entry points are very specific, and the message may be disguised as a tax return document or official monetary demand. When successful, a great deal of personal information and bank account details can be obtained.
- Vishing and smishing
Vishing and smishing use phones rather than emails. A smish is an SMS or text message purporting to be from a school – perhaps that ‘Dear parent, this is a critical notification regarding your child…’ fairy story – while an actual phone conversation is a vish attack. This could be someone posing as a fraud investigator telling the victim their bank account has been breached, or someone claiming that another person has been involved in a car accident. The underlying aim of the scam is to trick the person into sharing details of a financial nature.
- Angler phishing
Angler phishing focuses on using social media for nefarious ends, and while not something likely to bring down an educational institute’s network, it’s worth knowing about. With this, you may see what looks like a legitimate business or customer service representative answering an unhappy customer, but once again this is a scam designed to bait people into sharing data and bank details.
Phishing avoidance tips:
Be alert, be aware, be vigilant. If you receive a questionable email from anyone – whether that’s another member of the teaching staff, school supplier, or parent – contact them directly on the number provided or where possible, talk to them face-to-face to check its legitimacy.
With suspicious emails, there are a number of elements that may trigger suspicion. There are often typos which would suggest that English isn’t the writer’s natural language, or the subject title may be different to what you would expect. If the content makes any suggestion that you should send money or share personal details, your instinct to stop and report shouldn’t be ignored. Ask yourself if a link appears to be unusual or odd – and be very careful what you do click on.
Cyber security training for all members of the teaching team should be a regular part of a school’s routine, and there are a number of cyber insurance providers working with the educational sector – such as Howden – who can provide this as part of a policy package.
Ransomware, hacking, and RDP
Ransomware, often called malware and the cyber-attack most likely to target educational establishments, is a malicious infiltration and ‘hack’ of your computer system. Remote Desktop Protocol (RDP) is something many IT specialists use when helping to fix a problem, but when it’s clear an unknown entity has taken over and is moving things around, it’s the result of a ‘hack’ that blocks your access to files and sometimes takes over your network, which may cause severe disruption to the victim’s business or institution unless a ransom is paid. There is often an accompanying threat to make confidential information and records public as part of the punishment if a demand isn’t met.
We don’t have to look too far to find a direct ransomware hit on a school. Earlier this year (January 2025), Blacon High School near Chester underwent a temporary closure following a ransomware incident that managed to lock the school’s entire network. All devices belonging to the school, staff, and pupils had to be ‘cleansed’ while an independent security firm tried to discover the root cause – which at the time of writing, is still unknown to the public.
In a separate malware attack, in 2024 two school trusts in the East Midlands found themselves to be the target. In Leicestershire, it started with pupils noticing that someone other than themselves was moving the cursor and files onscreen. Remote Desktop Protocol (RDP) is something many IT specialists use when helping to fix a problem, but when this is done without permission or warning, as in this case, it’s the result of a ‘hack’. This quickly escalated into one of the trust’s CEOs ordering the complete shutdown of all systems across the nine schools under her jurisdiction. Everything was affected by the breach – from extensive lunchtime queues, as names had to be taken down by hand, to weeks of missing library books. What occurred in the other trust in Derbyshire was described as a ‘brute force’ attack, as hackers repeatedly tried to crack login credentials and passcodes.
Ransomware avoidance advice: Controlling and policing access to an entire trust, college, or academy’s network is not easy. Watertight login credentials, unique passwords for everyone, and multi-factor authentication help. It’s also recommended to have a backup network – retrieving lost data or putting standard systems in place is much easier that way.
Having a third-party specialist cybersecurity operation maintain this is good practice, and may also mean problems can be detected sooner, as they have the tools to detect who the ‘bad actor’ is.
A basic preventative measure is not to leave any device unlocked or unattended – especially if you’re working somewhere other than your usual school. Stepping away from an open laptop in a coffee shop for even a minute may allow someone to cause huge digital alarm and harm.
How a cyber security insurance solution is your best defence
From the example below, we can deduce that a cyber cover solution in place ahead of a cybercrime – especially one that includes protection advice – is more than just an insurance policy: it’s a part of your school’s defence system.
A secondary school’s system was infiltrated during the school holidays via RDP. Weak password protection and lack of multi-factor authentication made this much easier for the hacker – something that of course the school has now tightened. Once inside, systems were locked down making it impossible for staff to gain access, while also compromising the safety of sensitive data. A digital ransom note demanding bitcoins in exchange for an encryption key was issued.
The school’s cyber insurance provider was immediately notified, and they called upon their response team who swiftly identified the ransom variant, before finding a free encryption key online. Furthermore, a forensic team (also included as part of this particular cyber insurance policy) was able to ascertain the type of ransomware used couldn’t actually access the threatened data.
The total cost, including forensics, investigators, and legal counsel, was £17,560 – all of which was covered by the school’s cyber insurance policy.
This one example highlights that any cyber insurance should cover incident response and extortion costs – both of which are so typical when considering the nebulous nature of a cyber-attack on a school or college.
And while coverage with a watertight cyber insurance policy will bring in the ‘big guns’ to flush out cybercriminals from your school’s networks and ensure corrective measures are undertaken, part of the wider package is indeed specialist, preventative insight on how to avoid infiltration and yes, education for this sector through awareness training.
Howden’s own extensive cyber insurance offering can be tailored to include:
• Deep web monitoring
• Benchmarking against other organisations - risk assessments
• Facilities for Penetration (pen) testing
• Advice on how to optimise risk profiles (for example, cyber awareness training, help with strengthening existing cyber security)
• 24/7 helpline access
Need support with your cyber insurance?
You can contact our specialist team by calling 0333 234 1198 or emailing us at [email protected].