For parents, the safety of their children is a priority. They trust schools to protect their children and their children’s data.
For schools, this is a big responsibility. We’ve entered a new digital age with a whole online world to explore, endless gadgets to play with and work on, and constant technological developments.
Consequently, there are more routes and opportunities for data to be compromised, and the education sector is no exception to this threat.
The National Cyber Security Centre warned in 2021 that there has been an increase in ransomware attacks on the education sector by cybercriminals.
They emphasised the need for organisations in the sector to protect their networks to prevent further ransomware attacks.
The South West Grid for Learning (SWGfL)
The SWGfL are a charity working so that everyone in society can benefit from technology, free from harm. They are part of the UK Safer Internet Centre, and their experts advise schools, public bodies, and industry on appropriate actions to take regarding safeguarding and advancing positive online safety policies.
They have been leading online safety for the past two decades, delivering engaging resources and training to a wide variety of audiences nationally and internationally.
The work of SWGfL has brought online safety to the forefront of public attention, ensuring everyone can develop their understanding of what online safety means in an ever-changing world.
Ransomware attacks can strip access to school data. The nature of a ransomware attack is that it encrypts files on a computer system, so they cannot be accessed.
If the files cannot be accessed, then these important systems will be out of use in a school:
- Parent contact details
- Pupil records
- Contact details for third parties
- Telephone systems
- The internet
- File servers
- Door/gate access
The implications of this for staff and pupils are dangerous. There is also the risk of personal information being leaked onto the dark web if it has been obtained by criminals.
Protecting School Data
Central to effective data protection is the ability to identify the core data of the school. This core information is the most important and may include the medical details of pupils, parental contact details or the HR records of employees.
When the core data assets are identified, layers of protection can be built around them. The SWGfL recommends that layers of security should be used to protect school data. This layered system should be visualised like an onion, with the core data assets at the centre and the surrounding layers being modes of protection.
The first layer is data security. This means ensuring that the right people have access to the core data. It should be checked that staff in the school only have access to the systems that are essential to their role.
Secondly, application security must be applied. This means ensuring that security programmes are always up to date and the security software in place is functioning properly. This mitigates the technical vulnerability.
Then, endpoint security should encompass the other measures. This refers to device security: if a device is used to access data and systems, then it must be secure.
The final two layers are similar. Adequate perimeter security and network security are essential to ensuring the internet server and network systems are secure. These layers should actively try to repel attackers. This layered security system should strive to stop attackers from getting in, but also to stop data from leaking out.
The layers of security can be translated into the use of these tools:
Core Data Assets:
- Critical data identified and protected
- Backed up
- Data Loss Prevention
- Security Information and Event Management (SIEM)
- School-wide policies
- Records of processing activities
- Maps of critical data
- Data access controls
- Retention and disposal
- Software patching
- Automatic updates
- Logging systems
- Access controls
- Password security
- Ransomware protection
- Fileless attack prevention
- Asset management
- Device firewall
Perimeter Security and Network Security:
- Intrusion detection systems
Staff at all levels within the school should be trained on the use of and the importance of these tools.
Regular audits within schools, assessing the quality of data security, are important. This ensures that any gaps in security can be filled, and new software or procedures can be installed.
Audits should monitor:
- Where is it kept?
- Is it core data?
- Who has access to it?
- Does it need securing?
- Where are they?
- What do they do or store?
- Who has access to them?
- Do they need securing?
- Who needs access to what?
- Have they had the appropriate training?
- Do they understand their obligation?
- Is there a plan for future breaches?
- Does the plan work?
- Does everyone know to initiate it?
- Does it include out-of-hours?
- Is a copy stored off-site?
Cyber Secure is a new tool for the Department for Education that the SWGfL has been commissioned to produce. It is set to be launched in early 2022. It will be a free-to-use self-assessment tool that will help schools to review and improve their cyber and information security.
It examines 23 aspects of school systems, identifying what needs to be improved and suggesting ways of implementing better security systems.
Additionally, the National Cyber Security Centre’s website has many useful articles that advise schools on how to strengthen the security of their data.
Ultimately, schools should ensure that they have robust security systems in place to ensure the safety of their children and staff. Regular monitoring of these systems is crucial to repair and improve the walls of protection.
The National Cyber Security Centre. 2021. Alert: Further ransomware attacks on the UK education sector by cyber criminals.
The South West Learning Grid