Educational institutes are becoming one of the most common targets of cyber attacks, mainly due to the confidential nature of the information they hold in regards to not only students, but also staff and parents. On top of this, budget challenges and a lack of cyber training often leave schools in a vulnerable position.
Research conducted by ecclesiatical earlier this year found that 1 in 5 British schools and colleges have fell victim to cyber attacks, with only 65% claiming to have a cyber-security plan in place - but you can't have the right plan if you don't know what you're protecting yourself against.
Phishing scams are the most common type of cyber attack, with 91% of all cyber attacks starting with this type of email, and schools aren't an exception. Phishing attackers will disguise themselves as a trustworthy service provider, or even someone the user knows personally in more targeted attacks, through the design of the email and the message or request provided - for example, an overdue invoice. The goal of these attacks is to gain sensitive information, or network access, which is achieved through manipulation, malicious hyperlinks, and sometimes attachments.
Last year the American school district of Manatee County suffered a data breach affecting nearly 8,000 employees, which all started with a targeted phishing email sent to a payroll employee.
Solution: Altinet Managed Email Security is a comprehensive solution that blocks email-borne attacks using Advanced Threat Protection - a layered defence feature that blocks sophisticated threats from reaching users or data.
Ransomware attacks are possibly the biggest concern for schools at the moment, with the Verizon 2018 Data Breach Investigations Report finding that ransomware attacks have doubled since 2017, with education reported as one of the top sectors for social breaches. Ransomware is a form of malware attack, usually making its way onto a device through malicious attachments, hyperlinks, or online ads. Once on a device, ransomware encrypts the user's files to make them inaccessible, demanding a ransom payment in exchange for a decryption key.
Schools are a prime target for attacks of this nature because they hold data that is not only confidential, but too important to lose, making them much more likely to actually pay the ransom as to avoid interrupting the education of all their students.
Solution: For Office 365 users, Essentials is the best solution, offering multi-layer email security to block any email-borne threats, as well as reliable backup and recovery options to prevent attackers from using important data for blackmail.
A distributed denial of service attack - or DDoS - targets an organisation with a flood of requests and traffic from potentially thousands of sources, until the network is so overwhelmed that it goes offline, often exposing potential breach points in the process. These types of attacks have been commonly used against finance and banking organisations for a long time now, but have only recently become such a common issue for both schools and universities.
Unfortunately DDoS attacks are one of the easiest to deploy, meaning schools can often find themselves targeted by their own disgruntled students, trying to access grades or just cause chaos. Although not aimed at a school, one of the largest DDoS attacks of recent years was actually instigated by 3 college students in America, who managed to turn millions of computers into a network of malware-infected zombies, launching an attack on the tech company Dyn that managed to slow down the internet for the whole Eastern side of the US.
Solution: Altinet WAF-as-a-Service uses enterprise-proved technology to provide unmetered DDoS protection, among many other threats. This protection covers both application DDoS, as well as volumetric, ensuring your network can continue running as usual.
Data breaches may be the result of a cyber attack in most instances, but user error also plays a massive role. A lack of security awareness training amongst staff and students can lead to seemingly small mistakes that have the potential to expose private information - most notably, all phishing attacks rely on the user's compliance, whether that be clicking on an unknown link, downloading an attachment, or filling in their personal details on a fake website.
The ICO's data security report from the end of last year found various examples of user error within the education sector, including data left in an insecure location, data emailed or posted to the wrong recipient, and a loss of paperwork or unencrypted devices.
Solution: Barracuda Sentinel scans inbound traffic for phishing emails, as well as other attacks, blocking them before they can reach the user's inbox. On top of this, the AI and anti-fraud training elements can search for patterns in suspicious emails to help prevent future attacks, and identify high-risk users to improve their behaviour.
For more information about the cyber security services offered by Altinet, visit our website.