How vulnerable is your school to a cyber attack?
The independent schools sector is becoming more of a target for cybercriminals looking to gain access to sensitive data, such as pupil records and parental financial data.
There are many ways a school’s security can be breached, and those in senior positions need to be aware of how to spot the warning signs. Here are just three of the areas that schools need to be aware of.
Third-party supply chain data
One vulnerable area for schools is through the supply chain that they use. Whether work is outsourced to contractors for tasks such as cleaning and catering, or new technologies such as cloud storage, a school’s data is not just restricted to its own devices.
What happens when a third-party supplier is hacked? And do they have the appropriate insurance to protect the costs of privacy breaches? It is important for bursars and school leaders to know this information. If they do not, we advise that they should carry out an appropriate risk assessment.
Schools should analyse what data their supply chain has access to, the impact if there was to be a breach, and whether there is any alternative to using a particular service.
Phishing scams are one of the most common and well-known threats that schools face. Usually sent via email, phishing scams can allow cyber criminals access to company data and confidential information. The corrupt emails can also add viruses to technology systems and cause data to be completely lost from a system, which could lead to significant reputational damage and loss of income.
As there are a number of people at a school that have access to email accounts, it is imperative that pupils and employees are aware and trained to spot the signs of a phishing email. Whether it is looking closely at the link that is attached on the email, hovering over a hyperlink to establish a genuine website, or questioning why you have been sent an email with an attachment before clicking, schools need to ensure that all potential ‘targets’ are aware of these issues.
Disgruntled employees can be another source of data breaches. If a member of staff leaves under negative circumstances they might cause significant disruption and leak or sell confidential information. Alternatively, if the person is due to leave the school, they may not be as alert to attacks as they may have been before and therefore could accidentally leak data.
Bursars and school leaders need to ensure that they are aware of who has access to their data. If someone is due to leave, consider restricting access or removing it completely - eliminating any possibility that confidential information is shared, whether intentionally or not.
How can schools avoid a cyber-attack?
Avoiding an attack isn’t easy, but it is clear that schools need to act and make changes if they haven’t already. There are number of steps schools can take to protect themselves against a cyber-attack and looking into existing insurance policies is key for further protection.
Do you know how vulnerable your school currently is? Complete our free online cyber security calculator to understand the level of risk your school could be at from a cyber-attack.