Our article breaks down what schools can do to combat the risk of cyber-attacks.

After a rise in cyber-attacks towards the end of February, cyber security in education settings has been an area of increasing concern recently.

Schools now use a large number and wide variety of devices which connect to the internet, all of which can be subject to a cyber-attack, meaning that important data, documents and files may be compromised if the appropriate measures are not in place.

This article provides information on:

  • Malware and Ransomware.
  • The likelihood of being subjected to a cyber-attack.
  • What can be done to prevent cyber-attacks.
  • What can be done to mitigate the impact of a cyber-attack.
  • Further information and resources to help schools approach cyber security.


Malware and Ransomware


Malicious software, known as malware, can damage schools if preventative measures against cyber-attacks are not in place. Malware can come in the form of a cyber-attack or a virus from an unsafe website or download, which can cause devices and their functions to be unusable or inaccessible to those who are authorised to use them.

Further to this, malware can also be used to:

  • Steal, delete or encrypt data.
  • Hijack control of devices.
  • Access personal details and credentials which may put other systems such as account databases at risk.
  • Access features which cost money (e.g. accessing payment details).

Ransomware attacks use malware to disable the authorised user’s access to their device. When ransomware attacks occur, the attacker often sends a virtual ransom note which displays on the screen and usually utilises blackmailing techniques in an attempt to force the user to pay some form of cryptocurrency.

A ransomware attacker normally gains full control of the victim’s device and can access important files, data and anything else stored on their device. The blackmailing techniques often involve threats to release sensitive data or delete important files such as pupils’ work or schools’ financial records unless the demanded amount of cryptocurrency, such as bitcoin, is sent to them.

Law enforcement advises against paying the demands of the ransomware attacker. The NCSC state that paying the ransom fee does not guarantee that access to devices and data will be restored, and devices will likely remain infected. In addition, if schools pay ransoms, the money will likely be put towards the funding of criminal groups, and acceding to demands from ransomware attackers makes victims more likely to be targeted again in future.


What is the likelihood of becoming a victim of a cyber-attack?


The National Cyber Security Centre (NCSC) put out an alert in March 2021 regarding a recent increase in ransomware attacks affecting schools in the UK. They have advised that schools discuss this with the people responsible for maintaining IT systems and ensure measures are in place to protect data.

Cyber-attacks in schools are unpredictable and not necessarily uncommon. The NCSC have advised education providers that attackers often target organisations’ networks through remote access systems such as ‘remote desktop protocol’ (RDP) and virtual private networks (VPN), citing weak passwords and a lack of multi-factor authentication (MFA) as key areas of exploitation.

Microsoft advises the use of MFA for Microsoft 365. It states that passwords should always be strong, but, even if a cyber-attacker does access the password, they will not be able to authenticate the account to access files and data if MFA is in place.

The implementation of MFA across your school’s network, however, is potentially expensive and time-consuming.


Mitigating cyber-attacks


Introducing security measures across the school’s network of devices, such as MFA, will give the school’s accounts and data an additional layer of security by adding verification methods such as fingerprints or face recognition, which are unique to authorised individuals. 

The NCSC recommends various ways of mitigating malware and ransomware attacks – there are also preventative measures that should be implemented in order to reduce exposure to cyber-attacks.

At an absolute minimum, schools should regularly back up files and data and ensure that they are using firewalls, anti-virus software and strong passwords.

In addition to this, schools should also ensure staff are trained to know about the importance of cyber security and take action on the following points:

  • Ensure that emails received are sent by a genuine individual before replying, especially if they are asking for personal details
  • Do not make contact with senders via email if they are requesting payment or bank details – contact should be made directly to ensure any transactions are genuine
  • Ensure contact details are genuine before calling the sender to confirm their identity
  • Understand the risks of using public Wi-Fi
  • Be aware of the risks involved with not following payment checks

Preventative measures are the best way to combat cyber-attacks; however, they do not completely remove the risk. If your school falls victim to a cyber-attack, the NCSC recommends taking the following steps:

  • Disconnect the infected devices immediately
  • Turn off the school’s Wi-Fi and disconnect from the internet, if necessary, i.e. where the attack is extremely serious
  • Reset passwords and use recovery questions to confirm the identity of the authorised user
  • Factory reset the infected devices after backing up important files
  • Ensure that the device is free from any malware before restoring files from a backup
  • Install, update, and run antivirus software
  • Reconnect to a clean network
  • Keep track of network traffic and carry out anti-virus scans to identify further infections or remnants of the previous infection


Next steps


The School Bus has a dedicated Cyber Security Resource Pack on site which provides some useful policies, templates and data breach records. We also have a Cyber Security Checklist which can be used to see if your school is sufficiently acting upon policies and procedures relating to cyber security and data protection in line with the ESFA’s ‘Cyber crime and cyber security: a guide for education providers’.

ESFA (2019) ‘Cyber crime and cyber security: a guide for education providers’ <https://www.gov.uk/government/publications/indicators-of-potential-fraud-learning-institutions/guide-on-cyber-crime-and-cyber-security-for-education-providers> [Accessed: 27 May 2021] 

Microsoft (2021) ‘Multi-factor authentication for Microsoft 365’

National Cyber Security Centre (2021) ‘Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals’ <https://www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector> [Accessed: 27 May 2021]

National Cyber Security Centre (2021) ‘Mitigating malware and ransomware attacks’ <https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks> [Accessed: 27 May 2021] 

National Cyber Security Centre (2021) ‘Support for UK education sector after growth in cyber attacks’ <https://www.ncsc.gov.uk/news/support-for-uk-education-sector-after-growth-in-cyber-attacks> [Accessed: 27 May 2021]