Cyber security schools: managing cybercrime

In 2024, the Department for Science, Innovation and Technology conducted a Cyber Security Breaches Survey with a section focused specifically on the education sector. Its findings explained how schools in the UK are consistently impacted by security threats. 

The results of the survey showed that 52% of primary schools, 71% of secondary schools, and 86% of further education institutions had identified at least one cyber-attack or security breach in the previous 12 months.


Hackers and cybercriminals are increasingly targeting smaller institutions, which they see as low-hanging fruit that may be less well equipped to deal with a scam or hacking attempt. The fallout from a security breach can have devastating consequences for schools.

Previous attacks have resulted in significant financial losses, sensitive data on students, parents, and staff being lost or published online, and even forced temporary school closures. With schools firmly in the crosshairs of cybercriminals, the importance of a secure digital infrastructure has never been greater.

Cybercriminals can embed a type of malware known as ransomware in email attachments. If an attachment is downloaded, the ransomware can spread through a school’s network to steal confidential information and demand a ransom for its release. One such attack occurred in June 2021, forcing the closure of two schools after hackers broke into their servers, stealing data and encrypting student information.

BEC (Business Email Compromise), also known as CEO fraud, involves spoofing an email address or compromising an account through a phishing attack. Phishing attacks typically involve a scammer posing as a trusted source, such as HR staff, and asking for confidential information to access school systems.

The hacker will then send an email posing as someone within the school – often from senior management or the finance team – asking for money to be paid to an account. Interestingly, more than 30% of BEC emails are sent on Monday mornings when staff are busy and unlikely to scrutinise an email for authenticity.

Tips to protect against cyberattacks and scams

The most effective ways for schools to protect against scammers include:

  • Train teachers and administrative staff to spot phishing attacks and malicious downloads.
  • Implement safety checks such as 2FA (two-factor authentication) for all school systems.
  • Do not use personal devices. All school-issued laptops and phones should be updated regularly and set to the same security standards.
  • If you suspect a system or email account is compromised, report it immediately.
  • Always check the email address you’re receiving mail from to ensure it is genuine.
  • Never download an email attachment from an unrecognised email address.
  • Never open a suspicious email. Contact somebody within your organisation to check its validity.
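
The sender check from the tips above can be partly automated against the BEC pattern described earlier (a staff name on a spoofed address). The following is an added example, not part of the original article; the school domain, staff names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: hypothetical school domain and staff names.
SCHOOL_DOMAIN = "example-school.org.uk"
STAFF_NAMES = {"jane smith", "finance office"}

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Smith <jane.smith@examp1e-school.org.uk>\n"
    "Reply-To: payments@mail.example\n"
    "Subject: Urgent invoice\n\nPlease pay today.\n"
)
GENUINE = (
    "From: Jane Smith <jane.smith@example-school.org.uk>\n"
    "Subject: Staff meeting\n\nSee you at 3pm.\n"
)

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _edit_distance(a, b):
    # Classic Levenshtein distance, used to spot lookalike domains.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message):
    """Return reasons the sender of a message deserves a second look."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    warnings = []
    # A known staff name attached to an address outside the school domain.
    if name.strip().lower() in STAFF_NAMES and from_dom != SCHOOL_DOMAIN:
        warnings.append("staff display name on external address")
    # A domain one or two characters away from the real one.
    if from_dom != SCHOOL_DOMAIN and 0 < _edit_distance(from_dom, SCHOOL_DOMAIN) <= 2:
        warnings.append("lookalike of school domain")
    # Replies silently routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        warnings.append("Reply-To domain differs from From domain")
    return warnings
```

A message sent from a genuinely compromised staff account passes all three checks, so reporting and 2FA from the list above remain necessary alongside it.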