Cybersecurity advice for schools
Schools hold a wide range of sensitive information about pupils, parents and staff. There are criminal gangs who specialise in attacking schools' IT systems, and who will exploit any technical vulnerability they can to steal that data and use it to commit fraud.
Every school is at risk of being attacked and needs to have direct access to relevantly skilled IT people to maintain and secure their systems. If you only have one IT support person, you need to consider what happens if you are attacked when that person is unavailable.
You should keep all systems up-to-date with security patches and updates. Securing systems to “best practice” levels, including applying emergency patches promptly, will reduce the chance of them being successfully attacked.
If you are successfully attacked, it is likely that Haringey will place restrictions on electronic connections with you, to reduce the heightened risk of the council being attacked via your already compromised systems, or by fake communications using your stolen data.
Stolen data is most often used to:
- blackmail the school by threatening to publish the data online. They will often encrypt the school’s systems after the theft, leaving you with no access to the data until the 'ransom' is paid
- commit fraud on individuals, or to impersonate them and commit fraud under their identity
It is therefore essential for schools to act now to make sure their systems are secure.
Recommended actions
- Make sure you have enough IT resources, internal and external, to support your systems to a good standard
- Regularly review your anti-malware, firewall and operating systems and make sure you apply the latest updates
- Regularly check all key system logs – especially firewall and anti-malware logs – for suspicious events and escalate any found for further investigation to the relevant IT technical person
- Disable USB access for all users and ensure any one-off exceptions allowed are tightly controlled and disabled after use
- Stop or minimise the use of Remote Desktop Protocol (RDP) to access systems. You should also make sure any RDP sessions are closed off when completed
- Secure your school's email domain against spoofing as per the National Cybersecurity Centre (NCSC) guidance (external link)
- Check the anti-spoofing status of your email service (external link)
- Sign up to the London Grid for Learning (LGfL) newsletter (external link) for security and other updates.
- Read NCSC's cybersecurity for schools guidance (external link)
- If you're an LGfL customer, look at LGfL's security and device management pages (external link) and follow all relevant advice about configuring, checking, and responding to alerts from defence systems
- Make sure all staff receive cybersecurity awareness traning – find training at the NCSC website (external link)
- Take up any offer Haringey may make to you about cyber-incident response services