70% of secondary schools have experienced a cyber incident. BIP shares three ways they can protect against attacks ahead of results day  

BIP, the global management consultancy, offers key insights into how UK schools and colleges can best protect their customer data in the event of a cyber-attack this results day.  

The number of secondary schools reporting cyber breaches or attacks jumped from 58% in 2021 to 70% in 2022, exposing the vulnerability of the sector to cybercrime. With UK schools and colleges focusing on delivering exam results this week, the summer months could make schools an easy target for ransomware attacks from cybercriminals.  

Incidents involving ransomware can lead to the loss of school finance records, coursework and other personal data. Schools also tend to have limited resources and expertise for IT and cyber security, making them more vulnerable to the infiltration of networks, and reinforcing the need for secure systems.

Prioritise prevention measures against a cyberattack 

Cyber warfare is now an inevitable and constantly evolving threat, and attacks against schools and colleges aren’t slowing down. The education sector experienced a 44% increase in cyber-attacks last year, with an average of 2,297 attacks against organisations every week, according to Check Point’s 2022 Mid-Year report.   The move to cloud storage means that schools must update unsupported software and regularly enhance their security systems as protection measures. Implementing multi-authentication firewalls, patching data, introducing admin credential vaulting, and backing up critical data can effectively reinforce defence lines. Alongside this, performing maturity assessments can reveal weaknesses within systems and help prioritise areas of concern. Simulations are another helpful way to identify just how effective preventative measures are and what needs to be done.   

Have a plan of action 

A few seconds can be the difference between a minor inconvenience and disaster, so schools must have a planned and rehearsed response in preparation for a breach. This can be done through cyber handbooks and regular cyber awareness training for staff to reduce the risk of an attack. It’s also important to practice using a combination of monitoring tools, such as Managed Detection and Response (MDR) and Extended Detection and Response (XDR) systems, so they can be swiftly implemented in the event of a breach. This is of course dependent on the available budget and capacity of an existing ecosystem.   When an organisation is infiltrated, groups often target emails to take down communication and freeze business activity for maximum disruption. To safeguard against this, schools must maintain a backup system for communication and ensure that email security practices are implemented. For instance, a social media channel or a siloed alert system can be used to continue services where possible.  

Ensure an effective recovery strategy 

Cyber-attacks are unique and affect organisations differently. Therefore, schools and colleges must create a tailored recovery plan for when they get attacked. The cyber incident response plan should assign responsibilities to teams and clearly outline the steps each individual must take to recover as painlessly as possible. The plan should include having secure backup systems, and alternatives to critical processes that would otherwise be compromised in the event of an attack so that operations can continue as normal. Schools must also install a cyber recovery system in order to rebuild the sensitive data they may have lost and should enlist an expert to help rebuild it if necessary.  

Once the immediate impacts have been addressed, identifying the reasons for the attack can be established via official investigations and a data recovery service. A third-party organisation can help establish the root cause, pinpoint the lessons learned, and establish a plan to address this going forward.  

David Royal, Partner and co-lead of BIP’s Public Sector practice, comments:  

“The shift to online learning following the pandemic has been critical in UK schools and colleges further embracing technology. The move to digital means better information sharing, remote access to crucial information, and improved engagement from students, but it has also made schools more vulnerable. 

“2023 has already seen a huge number of high-profile cyberattacks; clearly, schools are not immune either. Greater collaboration is needed between the government, the education sector, and third-party experts to ensure schools have the tools, knowledge and funding required to protect their organisations and the students they support.”