First uploaded: November 2022
Updated: February 2023
With schools increasingly reliant on technology, the education sector is becoming more of a target for cybercriminals looking to gain access to sensitive personal and financial data. As budgets are squeezed, there are limited resources available for IT expertise and cyber security which can lead to outdated and unprotected technologies. The majority of cyber-attacks are the result of security weakness within a schools’ Edtech services.
In the Department for Science, Innovation & Technology’s Cyber security breaches survey 2023,* findings from samples of UK education institutions showed that all types of education provider are more likely to have identified cyber security breaches or attached in the past 12 months than the average UK business.
Percentage of organisations that have identified breaches or attacks in the last 12 months
Phishing attacks (attempts to steal sensitive information) are by far the most common type of breach or attack, followed by online impersonation, then viruses, spyware or malware.
There are many ways a school’s security can be breached, and it’s important to be aware of how to spot the warning signs. Here are just three of the areas that schools need to be aware of.
Phishing scams
As mentioned, phishing scams (attempts to steal sensitive information) are one of the most common and well-known threats that schools face. Usually sent via email, phishing scams can allow cyber criminals access to company data and confidential information. The corrupt emails can also add viruses to technology systems and cause data to be completely lost from a system, which could lead to significant reputational damage and loss of income.
There are many people at a school with access to email accounts so it is imperative that pupils and employees are aware and trained to spot the signs of a phishing email. Whether it is looking closely at a link that is included within the email, hovering over a hyperlink to establish a genuine website, or questioning why you have been sent an email with an attachment before clicking, schools need to ensure all potential ‘targets’ are aware of these issues.
Third-party supply chain data
One vulnerable area for schools is through their supply chain. From work being outsourced to contractors for tasks such as cleaning and catering, to technologies such as cloud storage, a school’s data is not just restricted to its own devices.
What happens if a third-party supplier is hacked? Do they have the appropriate insurance to protect the costs of privacy breaches? It is important for bursars and school leaders to know this information, but if they don’t, we advise they carry out an appropriate risk assessment.
Schools should analyse what data their supply chain has access to, the impact if there was to be a breach, and whether there is any alternative to using a particular service.
Disgruntled employees
Disgruntled employees can be another source of data breach. If a member of staff leaves under negative circumstances, they might cause significant disruption and leak or sell confidential information. Alternatively, if the person is due to leave the school, they may not be as alert to attacks as they may have been before, and therefore could accidentally leak data.
Bursars and school leaders need to be aware of who has access to their data. If someone is due to leave, consider restricting access or removing it completely - eliminating any possibility that confidential information is shared, whether intentionally or not.
How can schools avoid a cyber-attack?
Avoiding an attack isn’t easy, but it is clear that schools need to act and make changes if they haven’t already. There are a number of steps schools can take to protect themselves against a cyber-attack and looking into existing insurance policies is key for further protection.
Where can you get cyber insurance for schools?
Within almost 60 years’ experience within the education market and with access to the UK's leading insurers, Endsleigh are the experts in protecting schools. Protect your data and reputation with our cyber insurance for schools.
Find out more about cyber insurance for schools.
Cyber security breaches survey 2023: education institutions annex - GOV.UK (www.gov.uk)