A practical Guide to Cyber Security in Schools

Cyber security is a concern for most organisations, including schools, and this can be a minefield without the correct tools and awareness in place to tackle the subject head on. The Holker Group would like to offer some practical guidance, in preparation for new legislation, The Age-Appropriate Design Code of Practice, planned to be enforced in September, in time for the new school year.

There are many security threats that all schools should be aware of. We have outlined 5 of the most common below and how to practically tackle them:

  1. Phishing

Phishing is one of the easiest forms of attacks to carry out. This is when an email is sent to an individual to trick them into providing sensitive information which enables the attacker to steal personal information or data.

  • A secure email gateway should be used to protect your organisation from phishing, spam, malware and targeted attacks.
  • Conduct security awareness training, for both staff and students.
  • Always ask for advice if you’re not sure a link or email is legitimate.
  • If you do get caught out, don’t feel silly, just report it immediately.

Once reported, the IT support team can investigate and deal with the issue. The sooner suspicious activity is identified the sooner it can be dealt with.

  1. Your own Staff and Students

Humans are not predicable like machines, so mistakes can and will be made.

  • Various IT security measures such as blacklisting websites, and restricting access to important data at the source, can be easily applied to your IT infrastructure.
  • Train all staff and students – the need for security awareness training is now at an unprecedented high, especially with home learning and home working.

School legislation and policies are all good, but they are not a substitute for creating your own culture of questioning in your school.

  1. Malware

One of the most common, harder to spot and dangerous types of security breaches. It can take multiple forms and is malicious at its core.

  • A secure email gateway should be in place, as per Phishing advice.
  • If malware does gets in, then do not deal with this type of attack yourself.
  • Seek immediate professional help.

These attacks are generally conducted by hackers or criminals and require a high-level of IT knowledge to fight them.

  1. Formjacking

This involves someone taking over a portion, or full control of a website by illegal means. This occurs due to security weaknesses, and can even go unnoticed, as it doesn’t cause any interruption to normal working.

  • Seek immediate professional help if this attack is noticed.
  • Run vulnerability tests with an IT team, experienced in security measures.

Once you identify the weaknesses in the security system, by the vulnerability tests, you can make sure these are strengthened, preventing any further breeches.

  1. Spam Injections via Comments

Highlighting the use of the internet in schools, hackers and hecklers will manipulate blogs on social media or websites that are not controlled.

  • Manage your online pages and social media platforms with care.
  • Use spam filters for comments on blogs.

Blocking malicious link injections on your school sites, should prevent this type of attack and can be easily applied with the right tools, by an IT Team, like Holker.

It is becoming almost impossible to survive as an organisation, if you are not IT secure, so it’s Holker’s philosophy that security is built into everything we do.

Holker have recently teamed up with our legal partners, Data Protection People, to deliver a 60-minute webinar on 28th April 2021. To cover the ‘Age-Appropriate Design Code of Practice’ legislation and offer a what/why/how to guide for compliance.

This webinar is open to anyone in a leadership role in Education.

For an invitation and the seminar link, email angela.gainford@holkerit.co.uk directly or call 01282 859806 and ask for Angela.