Schools looking at extending remote teaching programmes further into the year must start to plug any gaps in backup and security, UK solution provider Redstor has warned.
Paul Evans, chief executive of Redstor, said: “Cyber criminals are increasingly viewing education institutions as easy prey.”
The UK Department of Education (DfE) has also sent out a circular on the topic and urging a review of security policy and practice, paying particular attention to the ransomware threat, which is no longer confined to large corporates.
“The DfE and the government’s cyber security arm became so concerned in August that they alerted schools about the importance of putting adequate measures in place,” he wrote.
“As CEO of Redstor, a company that protects more than 50% of schools in the UK, I know that this is a warning that no educational head can ignore. The financial implications and reputational risks are too great.”
Evans said that many schools have already been hit by ransomware. Entire IT estates had been encrypted by criminals, including on-premise backup systems. Institutions, staff and pupils alike had lost data.
“Unlike banks or big businesses, education establishments do not have large budgets to protect their networks and train their staff and often have holes in their cyber security,” he said.
One key response is to ensure that all data is backed up regularly and stored separately from the ‘live’ network. This means of course that backup and recovery systems need to be tested and in place.
Multi-factor authentication should also be adopted, and patching performed in a timely manner to reduce risk.
“There is no shortage of staff and pupils who will inadvertently click on a malicious link or open a suspicious attachment,” Evans noted.
The National Cyber Security Centre provides a downloadable set of practical tips for schools here.
Evans referred institutions to research by password management provider Specops. Specops has found that click-jacking, tricking users into clicking on a different link from that intended, is the most common form of hacking in education institutions.
Specops has also found that many staff in the education and training sector claim they have not been trained sufficiently against cyber threats.
“Without the right protection, a school can take many days or weeks to get back to working normally,” Redstor’s Evans said.
“Many solutions tick the box of offline storage, but bandwidth limitations can mean they are extremely slow to recover or access vital data.”
Redstor offers a Capita-approved, fully automated, cloud backup and recovery service for backup and recovery off-site as well as dedicated IP links to Redstor’s remote datacentres.