It used to be that the main concern for schools was simply bedroom-bound hackers testing the limits, carrying out digital attacks simply because they could. Although this raised plenty of threats, in most cases damage would be limited, and attacks from viruses, whilst troublesome, were limited to causing computers to become unreliable or slow.
Nowadays, as educational institutions continue to adopt tools to monitor the behaviour and performance of students, the data held by schools is also becoming increasingly detailed and, therefore, attractive to unscrupulous hackers. And their hacking methods are increasingly sophisticated, having evolved their techniques from the more traditional routes such as malware, worms or viruses, for which IT defences are designed for.
The scale of the problem
Ransomware spreads like a virus, searching for data in the files on your machine and encrypting them; this essentially ‘locks’ them so that you are unable to gain access. And if your computer is part of a network, it will find and encrypt data across your networks and servers. You’ll then be asked to pay a ‘ransom’ to be given the decryption key to unlock your files, often with the additional threat of exposing any personal data to leverage payment.
With this type of attack on the increase, anti-virus software has evolved to include activity monitoring that can protect server data by looking for ‘virus like’ activity on the network and shutting it down.
Phishing is the fraudulent practice of sending emails purporting to be from a reputable source in order to encourage individuals to reveal personal information such as passwords or credit card numbers, or even convince people in charge of funds to move money to a fraudulent account. They rely on users to complete the attack, which is why the solution is not just a good spam filter that’s regularly updated, but also user training to help your users spot potential threats.
Web security and application control
There are several safeguarding guidelines including the KCSiE statutory guidance and Prevent Duty Guidance which have established web monitoring and filtering as mandatory digital safeguarding requirements in schools.
There are a number of things to consider including not just which websites can be accessed, and what sort of content can be downloaded. Categorising websites can make filtering content easier in this situation.
Over 40% of web traffic now encrypted including basic websites like Google. This means that you need a more powerful firewall to scan this traffic to prevent threats getting through.
However, it’s not just websites that are accessed via the internet. Internet enable applications needs to be considered and controlled also, and any malicious software that may have found its way on to your system needs to be prevented from accessing the web.
The final element in web security and access control is having access to good reporting. Knowing what is being accessed online and when, and the ability to monitor activity in real time as well as historic data makes it easier to achieve your statutory requirements and also gain insights that can help you refine your filtering process.
With this type of attack on the increase, anti-virus software has evolved to include activity monitoring that can protect server data by looking for ‘virus like’ activity on the network
Having the right technology and keeping it
If you’d like to know more about cyber security, then check out my video series on topics such as email security and ransomware.
And to understand where your security vulnerabilities lie, register for a free* cyber security assessment with a qualified ACE practitioner from Icomm, who will work with you to identify and analyse security issues, and give you guidance on any improvements that are needed to make your network more secure. Register here or call 0121 248 7931.
Mark Lomas is an IT consultant with Icomm Technologies ; a leading provider of managed IT services, pro-active IT support and solutions. With nearly twenty years’ experience, Mark is an accredited NetApp, VMware, Microsoft and Symantec professional, specialising in SAN storage and virtualisation. Working across a variety of areas of systems infrastructure, Mark provides award-winning cloud and managed IT services to large organisations and SMEs alike, helping them save time and money.
*Terms and conditions apply. Qualification phone call required. You will receive up to 4 hours’ consultancy from a qualified ACE practitioner.