We all know that keeping data safe and secure is critical to avoiding malicious attacks. Did you know there was an increase in ransomware attacks on the UK education sector during August and September 2020 – rising again in February 2021?
On 17 September 2020, The National Cyber Security Centre issued an alert to the education sector regarding the sharp rise in cyber-attacks. They warned that ‘ransomware has led to the loss of student coursework, school financial records, as well as data relating to Covid-19 testing.’ The Centre detected another rise from June 2021.
Recent cyber-attacks include:
- 16 March 2021 – A Trust in the South was approached by an intelligent ransomware attack that left 23 schools without access to an IT system.
- 12 March 2021 - 17 schools led by a Trust in the East of England were affected due to a ransomware attack.
- 3 March 2021 – A Midlands-based Trust had to disable their IT systems as a precaution following an attack.
Common ways in which cyber-criminals can gain access to your school IT system or your computer's data is through:
- Weak passwords
- Lack of multi-factor authentication
- Vulnerabilities in software
- Other techniques such as phishing emails
Cybercriminals benefit from inexperienced individuals. This makes it easier for them to carry out their attack. However, even those who are knowledgeable about cyber-security can fall victim to cyber-attacks.
That’s why we recommend that you ask yourself the following questions when you’re faced with a situation that could lead to a comprise of data:
- Is this email from a known sender?
- Is the email address from this contact one that is associated with them?
- Does the email address match the sender's name?
- Is this attachment safe to open?
- Is my password strong enough?
- Have I stored my passwords in a safe place – on a system that is password protected?
- Have I locked my computer?
- How can I keep my data safe?
- Does the request from the sender seem reasonable? Are they using time as a factor to force you into taking an action?
- Does the sender in question have bad punctuation and grammar, and lack personalisation?
- Are they asking you to change or provide bank details?
How you can protect your data
You’ll want to communicate with your IT team to ensure their back-ups contain the right data, that these back-ups are held offline and that they can restore the data.
If you encounter a phishing email, have been contacted by an unknown contact with an unusual request, or have reason to believe you’re being targeted:
- Don’t click on any attachments or links
- Verify the information with the company or contact directly – e.g., if you’ve received an email from your bank, call your branch directly to get them to verify
- Utilise your ‘spam’ and ‘junk’ tools on your inbox
- Block the email address
Other precautions you should take include:
- Change your passwords frequently - make sure to use strong passwords that are not easy to guess
- Add additional authentication methods to protect documents – e.g., password protection and bit locker
- Install a reliable anti-virus software
If you have reason to believe that your data has been compromised, let your IT department know as soon as possible so they can take appropriate action.
At SAAF, our team has completed extensive cyber-security training – so we understand the importance of keeping your data safe and secure. If you would like to learn more about how SAAF Education can support your school, academy or trust - contact us using the link below.