Over the last few years we have seen an unprecedented level of ransomware attacks on the education sector, perhaps partly spurred on by the pandemic making home working more prevalent amongst students and teachers.
All schools should prioritise having robust cyber security measures in place to prevent the possibility of these incidents and Virtue Technologies are perfectly placed to provide support for schools of all sizes to deliver this.
What is Ransomware?
Ransomware is a type of malware that prevents you from accessing data held on your system, and in some instances your complete system and network. Typically, the cyber criminal will encrypt, steal or delete your data or make your device inaccessible and then send you a ransom demand, telling you to hand over a large amount of money, usually in crypto currency. This will all be done anonymously making the criminals harder to trace.
A more recent trend is for the criminals to further threaten their victims with the release of sensitive data stolen from them during the attack if they don’t pay the ransom and to also attack backup servers to make recovery more difficult.
In incidents affecting the education sector this has led to the loss of student coursework, personal data and school financial records as well as downtime while trying to get the school up and running again, as well as a loss of reputation for the school.
Can I prevent a Ransomware Incident?
Attackers can gain access in a number of ways, depending on the vulnerability the criminal has identified.
A few of the main ways cyber criminals try to gain access are:
Weak Passwords – Having ‘password’ as your password isn’t the best idea, as attackers will frequently target networks through remote desktop protocols and Virtual Private Networks trying to exploit these simple weaknesses.
Remote Desktop Protocol (RDP) remains the most common form of attack as RDP is used to enable employees to access their office desktop computers or servers from another device over the internet. Insecure RDP configurations are often used by cyber criminals to gain access.
VPN vulnerabilities can also be used to gain access to your networks. The rise in remote learning has meant an increase in schools using VPNs and so criminals have taken advantage of this.
Phishing emails are frequently used to deploy viruses and ransomware. These emails encourage users to open a malicious file or click on a link that hosts the malware.
Unpatched software
Keep your software updated as much as possible, install official patches as these will include security updates closing holes in security that the cyber criminals may have found to exploit.
Comprehensive Cyber Security Review
As well as protecting the devices we use and the services we access online, Cyber Security is about preventing unauthorised access to the vast amounts of personal data we store on these devices and in online accounts.
Any cyber security incident can affect your school’s ability to function, the security of its data and its reputation, with a lot of incidents generating news headlines.
Virtue Technologies Security Configuration Check provides assurance that your school or Trust’s IT, network and online systems are protected from any unauthorised access, minimising the risk of being compromised by ransomware, malware or malicious activity.
We’ll work with you to individually tailor a technical review and provide a health status report with recommendations for any existing or likely future issues. We provide this IT Health check to you in an easy to read RAG/Traffic Light format report which offers a clear summary of the number, type and severity of any identified issues with all vulnerabilities identified and associated with a remedial solution.
We can then assist you to rectify any of the issues you haven’t been able to fix yourself and provide expert technical advice, support and service at all times during the process.
Influenced by the Cyber Essentials requirements, the Virtue Security Review is an effective way to improve a school’s understanding of their cyber security risks in a proportionate way. The Review is set out against the key themes identified by the DfE and National Cyber Security Centre: seek out information, raise awareness, and improve preparedness.
To arrange a Security Configuration Check or to discuss any of your schools IT needs contact us today
