Becoming resilient to cyber attacks

With digital attacks on schools rising, Gareth Jelley from edtech charity LGfL-The National Grid for Learning, shares his top tips on how to improve cyber security in schools

Cyber security attacks on schools are on the up. According to the Department for Digital, Culture, Media and Sport (DCMS), security breaches in primary schools increased from 36 per cent in 2021 to 41 per cent in 2022 and attacks on secondary schools rose significantly from 58 per cent in 2021 to 89 per cent in 2022.  
The DCMS Cybersecurity Breaches Survey also highlighted that schools are at greater risk from phishing – the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
It also highlighted that schools are at greater risk of account take over – when a fraudster takes over an account and gains access to emails, files stored on the cloud and takes over your computer.
Meanwhile ransomware is the key issue affecting schools – it’s a type of malicious software designed to block access to a computer system until a sum of money is paid.

So what can you do to improve cybersecurity for your school?

If you want cybersecurity to be taken seriously, someone should be identified to take responsibility for it, ideally a member of the senior leadership team.
What’s more, you need to ensure that you have a comprehensive cybersecurity policy in place to illustrate your commitment to cybersecurity. You can download LGfL’s Elevate Cybersecurity Toolkit, a collection of key documents that schools can use to elevate their cybersecurity – it’s free to all schools nationwide.
Review your cybersecurity on a regular basis, include it on your risk register and report to governors so it is kept high on the agenda.
Schools should also prepare an Incident Response Plan – a document featuring a predetermined set of instructions or procedures to detect, respond to, and limit the consequences of a malicious cyberattack against your school.
Schools are also encouraged to implement a 3-2-1 backup strategy, which is to have three versions of your data – two copies on different media, for example the cloud, and a USB and keep one off site/offline. Ensure that each back up has been completed successfully and periodically check that you can restore from them.

Install security updates

One of the simplest steps you can take is to ensure that you install security updates as soon as possible – patches sent by software providers are designed to close known vulnerabilities. The longer it takes to install a security patch the more vulnerable you become to attacks.
Ensure that the operating system and software you use is up to date. Avoid making yourself vulnerable by using out of date operating systems like Windows 7, for which mainstream support and fixes are no longer available.
Educational settings are also urged to practice good password hygiene – create a unique password for each service you are using and avoid using passwords that are easy to recall or guess. Use a password manager to store passwords if you find them hard to remember - the password manager will remember it for you.

Multi factor authentication

Use multi factor authentication for as many services as possible. Multi-factor authentication is when a user must provide two or more pieces of evidence to verify their identity to gain access to an app or digital resource. Multi-factor authentication (MFA) is used to protect against hackers by ensuring that digital users are who they say they are. Then if a password is compromised you have another level of protection for your account.
Schools should also encrypt sensitive content – which converts information or data into a code to prevent unauthorised access.
They should also implement user awareness training so all your staff understand the importance of installing updates, know how to spot a phishing email and what to do if they are accidentally caught by one. From time to time, test staff awareness of potentially dangerous emails by undertaking a phishing test and use adverse findings to build awareness and confidence of staff in potentially harmful emails.

Secure contact details

Ensure that you have secure backup copies of contact details for parents and keep them updated, so if this data is inaccessible or wiped as a result of an attack you are able to contact them to coordinate pick up times and avoid safeguarding issues.
Ensure that anti-virus software is installed on everything and is working. It is important that someone is looking at the alerts as they come through and not just viewing them as white noise. Prior to a ransomware attack it is possible for there to be a spike in alerts that can be an early warning sign.
Schools are also encouraged to carry out spot checks on the team, person or supplier responsible for managing your cybersecurity. If you are supported by a company, ensure that they have Cyber Essentials Plus or ISO 27001 certifications and that cybersecurity is covered as a core element of their contract.

An audit of cyber security

LGfL is working with the National Cyber Security Centre (NCSC, part of GCHQ) to take a snapshot of the state of cybersecurity in all UK schools. Can you help shape the UK’s response to the threats schools face and help us equip you to meet your training needs? All we ask is for one member of each school to take five minutes to answer a few multiple choice questions.

The survey will only take five minutes to complete but will help to inform shape and improve the UK’s response to cyber security support in education. Complete the audit here: