Cyber Security in Education – Steps to take for teachers and parents

Digital devices and technologies are a huge part of our everyday lives. Schools, universities, and colleges are very technological diverse businesses, although many haven’t yet adjusted to that and are leaving the doors wide open for cyber criminals to strike.


From the use of personal devices that are connected to the school’s Wi-Fi or having filing systems that are accessed with a weak password, there are many entry points for cyber criminals to make use of.


With remote learning becoming the normal for long periods over last two academic years, cyber criminals have taken full advantage of this and have wreaked havoc across the country. A recent attack in the Isle of White has seen one cyber-attack wipe out 6 schools who are now unlikely to reopen in time for the new school year.


This article is designed to help provide teachers and parents with the information they need to identify common cyber threats, as well as tips on cybersecurity best practices to help you safely ease into the new school year.


How can teachers help to prevent cyber-attacks?

  • Encrypt your data so that hackers can’t intercept this data when in transit (and no we don’t mean when in a vehicle being taken to a meet point). If you send an email to a colleague with the contact details for a parent of your student attached, then that is data that is on the move and in transit. Hackers can steal this data if not properly transferred and then they can go on to sell this data for financial reward.

  • Follow your establishments cyber procedures and policies like you would if a fire alarm sounded in a school building. Your establishment should have cybersecurity measures in place to protect users, and it’s important to follow these provisions and contact your IT or Cybersecurity department if an issue arises.

  • If you are stepping away from your computer, you should always log out so that no other users can obtain the information that is available via your profile. If someone logged onto your profile now, could you confidently say they’d find nothing of interest?

  • Being an academic institution, it’s very likely that you require the need to store student data – this might include exam results or medical information to keep them safe whilst at school. This information must be stored securely to prevent attackers from using this as a target in Ransomware attacks. Backing up the data will allow you to have a second supply of this critical data should you be locked out until a ransom is paid.

  • Protect your passwords with a password manager, this is an encrypted cloud-based vault that syncs across devices and enables you to auto fill login information. You may have seen these when logging into websites and your browser has offered to store your password for you.

How can parents help prevents cyber-attacks?

  • Teach password privacy so that your children understand how to protect their devices and online accounts. Use the NCSC’s guidance on passwords so that they know why creating them is important and how to create them.

  • Location sharing and identity protection are functions on your devices that you can turn off. Inform your children how they can disable photo geotagging on their Android or iPhone device.

  • Ensure that you are using a secure Wi-Fi source whether you’re in the home or in a public place. The Wi-Fi source should be secured with a strong password, even if this is a guest Wi-Fi.

  • Parental controls exist to keep your children safe, so why would you not use them? Internet-connected devices are often given to children before they understand the dangers of the internet and device misuse. Utilise the controls and implement them before giving access to your children.

  • Stay informed of your child’s online activity by communicating with them on what they’re using their device for and how they are using it.

How can The Cyber Resilience Centre for the West Midlands help your education establishment?


Now more than ever, schools are relying on their online IT and ed-tech services to help with teaching and admin tasks. Your staff can play a key role in being the front line in keeping these IT services (and the information they access) secure and available.


Schools, Universities and Colleges (much like businesses) are increasingly reliant on IT and technology. Falling victim to a range of cyber activities aimed to cause harm and long-term damage. As the threat to the education sector increases, losing access to technology or suffering a data breach through a cyber-attack can be devastating. Both to your reputation and your long-term future.


​We know that not all teachers and support staff are very knowledgeable when it comes to cybersecurity. But we know that the appetite to learn through staff training, and new resources to help bridge this knowledge gap.


Join as a member of the WMCRC and receive the latest guidance, tips and tricks to help you educate your staff and pupils. We also offer a number of excellent cyber security services that range from reviewing your security policy to learn where your vulnerabilities are and how to fix them to running an assessment on your website that assesses your website and web services for weaknesses.


Based on best practice industry standards we will assess the top 10 security risks to websites and attempt to identity vulnerabilities.


This service also benefits from regional Police and National Cyber Security Centre intelligence to capture the very latest known threats and techniques used by cyber criminals.


The service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

Find out more at www.wmcrc.co.uk/membership.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.