The WannaCry ransomware attack that hit, among others, the NHS has brought into focus the vulnerability of some public services. Online safety expert Claire Stead discusses four key aspects to consider.

Last month, the world ground to a halt as we experienced a cyber attack on an unprecedented scale. The horrendous series of WannaCry ransomware attacks on organisations across the world, perhaps most infamously on the UK’s NHS, caused a worldwide uproar and without doubt opened the eyes of organisations at all levels in all industries to the state of security in the digital world.

Digital technologies have transformed our lives; some argue we are in a fourth industrial revolution and one which we will not come back from.

The digital revolution has enabled us to break down barriers and create new and exciting industries, has given us the world’s largest library of information, and has allowed us to communicate with people all over the world instantly.

The web at its heart is a forum for worldwide knowledge sharing, and people of all ages benefit from it every day. In education, it has enabled both pupils and teachers to access information that was previously out of reach, and to bring a new dynamic into the classroom to enrich the learning environment.

Unfortunately there are those who would take something as positive and powerful as the internet and the digitalisation of the world we now live in, and use it to cause harm, upheaval and fear.

We have seen the emergence of the cyber-criminal, and now, 50 per cent of all crime is cyber-related according to the latest annual Crime Survey of England and Wales. In fact, according to a new report from PhishMe, ransomware attacks have increased by 600 per cent from 2015 to 2016, which demonstrates how much more serious ransomware and other cyber-attacks are becoming.

Gone are the days when people thought it was only big businesses that were vulnerable to online threats. Organisations both large and small, public and private, are all potential victims. Regrettably, this includes schools. Educational establishments need to be taking their cyber-security as seriously as a bank would, and make it a top priority ensuring that they have the right measures in place to protect themselves and their pupils from malicious activity.

Since September 2016, schools have been obliged to have web-filtering and monitoring solutions in place to safeguard their pupils. They need to be taking a four-pronged approach to ensure they are as secure as possible:

Perception

Although cyber-security has been talked about in the media for some time now, it wasn’t always front of mind – WannaCry could well have changed this. The first step of any security plan is to therefore shift the mind-set in schools.

School security needs to be discussed at a board and governor level (with the IT department involved to ensure that they are educated as to the risks and understand the importance of having strong security measures in place).

Schools should also consider having a security specialist board member so that they are regularly kept up-to-date with the latest cyber-threats and have a designated senior member of the team responsible for ensuring that the right measures are being implemented.

Policy

It is no secret that human error is the leading cause of cyber-security incidents, making up 60 per cent of all cyber-related breaches. As a result, cyber-security needs to be taken seriously by the headteacher, staff and pupils.

This means education: building a strong security culture that is instilled throughout the school is essential to ensure that everyone is vigilant and aware of threats.

This comes with educating both staff and pupils on the risks of their actions and ensuring that they know the security processes in place to mitigate the risks, should an incident occur.

Some simple tips include regularly updating passwords and ensuring that they contain at least eight characters with a combination of lower and upper case letters, numbers and special characters. The most common passwords of 2016 were “123456”, “qwerty” and “password”, which are totally inadequate and dangerous – they are often used for multiple accounts which can cause a domino effect from just one data breach.

Teachers, other members of staff and pupils need to ensure that they don’t open any emails if they look remotely suspicious. Phishing email scams are designed to look like they are sent from an authentic company, but are sent by scammers trying to obtain personal information to steal money or data. If everyone within the school is that much more educated around cyber-security, it can have a great impact on a school’s defences.

Protection

It isn’t enough, however, for schools to be aware of the threats. They need to have a layered security programme, so that they are not reliant on a sole provider and can create a robust brick-laying effect that cyber-criminals will struggle to infiltrate.

Even in schools, having enterprise-grade security solutions in place (beginning with firewalls, encryption and good security software) should form the basics of a strong defence system.

Security needs to be taken seriously at all points of the school’s network to ensure that all staff and pupils understand the risks of their actions and know the security processes in place to mitigate the risks should an incident occur.

Proactivity

Even once a school has taken all of these steps, it doesn’t stop there. It is no good to have a security programme installed and to never think of it again. The landscape is developing at an incredible rate, and as a result, schools need to ensure that they are keeping up to date with the latest updates and improvements so that they are as well protected as they can be.

Conclusion

Cyber-criminals are not going to disappear anytime soon; we’ve seen them disrupt businesses, elections and, more recently, healthcare systems – and schools are no exception to this.

Academic institutions need to have an omniscient view of their whole security strategy, ensuring that the whole school, from the board to the pupils, is properly equipped.

Being protected online is of vital importance in this digital age and needs to be taken seriously, especially when it is children and the younger generation that could be exposed.

Schools therefore should ensure that they are following the four Ps and are constantly vigilant in a world of digital predators.

  • Claire Stead is an online safety expert at Smoothwall.