Bidford School
UK private schools a growing target for phishing attacks
Cyber criminals see families with the income to fund private education as potential high-value victims
Posted by Rob Bertels | January 30, 2018 | E-safety
e-safety, phishing, cyber-security, data-security, primary, secondary

A recent report from the Telegraph has found that cyber phishing attacks on private schools across the United Kingdom have evolved from “isolated incidents” to more serious widespread attacks, creating serious problems for primary and secondary schools throughout the nation. Cyber-criminals are increasingly taking advantage of loopholes within poorly protected networks at private schools by stealing sensitive data through phishing attacks, data which can then be utilised to send unsuspecting parents with fraudulent invoices and scam them off their money.

The report also revealed that six private schools had submitted insurance claims in the last quarter as a consequence of data loss from cyber-attacks. Cyber-criminals are increasingly targeting organisations that are less focused on the protection and security of their systems. The education sector, which stores sensitive information on all students across the country, has been considered by hackers as having inadequate data protection measures and minimal experience of handling social engineering attacks such as phishing to pinch data while masquerading as a trusted entity. Phishing is an increasingly common practice which sees criminals impersonate legitimate brands in messages such as text messages and emails, in an attempt to get the recipients to disclose their credentials.

These issues should make schools of all shapes and sizes sit up and take notice of the threat cyber-crime poses to the public sector as well as the private sector. Parents of pupils are advised to be extra vigilant when receiving emails reputed to have been distributed by the school and before making payments to the school.

Cyber-criminals are increasingly taking advantage of loopholes within poorly protected networks at private schools by stealing sensitive data through phishing attacks, data which can then be utilised to send unsuspecting parents with fraudulent invoices and scam them off their money.

Cyber-criminals are targeting those families with the means to fund their children through private education, as potential high-value victims, given that they spend up to £10,000 per term on their children. The loss of confidence in schools affected by phishing attacks could harm their reputation for some time, so it’s important to take the following steps to provide sufficient protection from phishing attacks:

  • Consider nominating individuals as part of a new leadership team focused solely on the cyber protection of the school. These individuals will be responsible for training staff members about necessary security policies and maintaining open lines of communication with stakeholders including parents and board of governors.
     
  • At the very least, schools should revisit their antivirus software and – in the event that no software is in operation – purchase some immediately to provide low-level protection for the school’s operating systems. Those with existing antivirus software that haven’t really utilised it to its full potential, ensure you update your software to the latest version, which will include up-to-date protection for the most sophisticated cyber-attacks.
     
  • In the event of a data breach, it’s important to minimise the time it takes to restore your organisation’s sensitive data by regularly backing up your files – ideally off-site in the cloud where cyber-criminals cannot locate the data so easily.
     
  • Don’t depend upon your cyber security software to keep your school safe from the threat of social engineering attacks. Make parents aware of your proactive approach to phishing attacks and encourage parents and pupils alike to alert the school immediately if they receive any suspicious emails in their online accounts. Warn parents and pupils not to click on unknown links to external sites which might direct users to illegitimate web pages cloaked to appear as the real page on your school’s website.

 

The likelihood of stamping out cyber-attacks altogether is next to nil, but with the right risk management policies in place, it’s possible to stop phishing and other social engineering attacks from becoming a serious threat to schools and their reputations.

CALL US EMAIL US COLLAPSE