The Covid-19 pandemic has impacted the UK’s Independent School sector in many ways. Students and school staff have had to adjust to learning, teaching and working from home, whilst adopting new technologies and communication methods on the fly. Cybersecurity for schools is more important than ever.
Bursars have shouldered the task of stabilising school finances throughout months of uncertainty. Government-mandated school closures have necessitated offering fee discounts for some, whilst international students struggled to return to the UK during lockdown and parents of others found themselves unable to pay fees, impacting student numbers.
Accurate financial modelling has – and will continue to be – an essential undertaking for bursars in the wake of the pandemic, as the sector shows promising signs of recovery but budgets remain tight. However, whilst school staff strive to maintain high standards of education, the National Cyber Security Centre (NCSC) has sounded several warnings about rising numbers of cyber scams and hacking attempts targeting schools and other small institutions.
We examined the cybersecurity landscape for bursars, and how our portfolio of iSAMS products helps to keep school and parent finances secure...
How are criminals targeting schools?
The most common and damaging methods employed by cybercriminals to target schools are business email compromise (BEC) and ransomware attacks. BEC, also known as CEO fraud, involves an email account or address within a school or business being compromised or spoofed. The scam involves sending an email that appears to have been sent from someone within the school – often from senior management or the finance team – asking for money to be paid to an account. In the current climate, schools may see an upturn in these kinds of scams as parents are lured in by the false promise of fee discounts.
Ransomware involves compromising an IT system, accessing its data and encrypting it. The hacker then demands a ransom to decrypt the information. Schools that choose not to pay a ransom are often hit with a second, more insidious demand. Ransomware is usually coded not just to encrypt important data, but to send this information back to the hacker. This is used as leverage in circumstances when schools refuse to pay, as hackers may then threaten to release sensitive data on the internet.
Alarmingly, more than 70 cyber-attacks targeting the education sector were recorded during the pandemic. In March of this year, cybercriminals carried out a targeted ransomware attack against one of the largest academy trusts in the UK. The attackers demanded £5.8m in ransom, before leaking sensitive school data online and costing a further £500,000 in new equipment and staff overtime.
More recently, data released by Microsoft Security Intelligence suggested that in July, education was the most affected industry, encountering almost 64% of all malware attacks, totalling more than 6.2 million incidents.
Cybercriminals appear to be taking advantage of rising numbers of infection vectors – or weak points – in schools’ IT systems. Whilst people have adapted quickly to working from home, the software and tools they rely on aren’t always fit for purpose. Without proper protection in place, schools can be vulnerable to attacks.
The true cost of falling victim to a cyberattack is difficult to quantify, with ramifications extending beyond the loss of financial capital to lasting reputational damage and even damaging student learning. More than ever, bursars and school finance staff need a comprehensive accounts solution that offers all the functionality they need, whilst allowing them to work securely from the office or home.
iFinance by iSAMS: a secure solution for bursars
The NCSC recently published a guide to mitigating malware and ransomware attacks. Its recommendations include adopting multi-factor authentication (MFA), creating regular backups of data to ensure recovery from a ransomware attack and various other measures which can be implemented using a cloud-hosted solution.
iFinance by iSAMS employs a sophisticated, multi-layered security model and a set of important safeguards to protect client data. The system’s architecture is more robust than most systems running on internal school servers because it has firewall protection, 24/7 threat monitoring, systematic monitoring of the latest security patches and anti-virus updates and their immediate implementation where necessary. The system makes a full scheduled SQL Server backup once a night and a transaction log backup once an hour, with the data stored onsite and offsite for an added layer of security.
In order to eliminate the possibility of a parent falling victim to a BEC scam, iSAMS offers two methods to replace bank transfers with more secure methods for both domestic and international payments. The first involves migrating to a direct debit process, whereby parents do not have to send any money as the fee is requested directly from the bank. iSAMS’ Fee Billing solution has a dedicated Direct Debit module to automate this process.
The second utilises a new solution – iSAMS Payments – which is housed within the Admissions Portal and Parent Portal. For domestic payments, parents receive a notification to let them know there is an outstanding invoice, and they can log in to the portal, view and verify the bill and pay it online using a debit or credit card. For international payments, parents have the choice to pay via an approved third-party integration partner, who manage payments in multiple currencies.
In addition to secure accounting and fee billing solutions, iSAMS now offers a self-service HR solution that provides GDPR compliant storage of employee information, as well as an HMRC-recognised payroll solution that is capable of automating schools’ pay runs. Utilising these two solutions offers school staff the option of updating their personal details and accessing payslips via a secure portal, removing the need for email requests that could be spoofed by a BEC attempt.
The future is bright
As the Independent School sector continues to move forward and evolve in light of recent obstacles, now may be the right time to invest in a cloud-based accountancy solution that keeps data secure. iFinance provides bursars with real-time business intelligence and facilitates collaborative accounting between audit partners and schools to help model for a post-Covid future with greater certainty.
