Keeping your school safe from cyber attacks

What are cyber attacks?

A cyber attack is an assault conducted by cybercriminals against devices or networks. Cybercriminals can use a variety of methods to steal data and maliciously disable computers. Phishing, malware, ransomware and denial of service, are just a few of the methods cybercriminals will often use.

Cyber security includes various methods for keeping data safe and secure so it cannot be breached. Examples of data that could be at risk; documents, pictures, videos, audio, online accounts, personal information and Emails.

We’ve put together the following list to help you assess whether your school is implementing sufficient measures to prevent cyber attacks to help keep your data secure from unauthorised access, giving you peace of mind and a recovery plan. 

Prevention

1. Latest software updates (for both operating systems & applications)

IT systems with out of date operating systems and old application versions are more susceptible to ransomware attacks.

2. Install an Anti-virus with the latest definitions

Anti-Virus software provides real time protection against ransomware. All devices must be covered by AV with scheduled scans and reporting. Keeping your AV up to date along with proactive scans and reporting is essential, especially in larger networks.

3. Multi-Factor Authentication

Don’t rely on just a password alone to access your accounts, you also need to authenticate with an authenticator application. The most common method of IT system breaches is through weak passwords. MFA adds a second layer of security so if your password is breached, the second layer prevents unauthorised access.

4. Don’t use common passwords

If you use common passwords you could be subject to a dictionary hack. A dictionary hack is a program that continues to try passwords which are common.

5. Password policies to force complexity

If your password is simple it’s easier to guess. We recommend making complexity requirements these can include: upper case, lower case, symbols, numbers and password length.

6. Train users to spot fake links within emails

Most ransomware attacks usually target the end-user as opposed to the IT systems directly. The user effectively opens the door for the hacker into the IT network. Effective user training and raising awareness reduces the likelihood that this will occur.

7. Device or Router firewall enabled

Open networks are effectively unlocked doors. Regular security checks are paramount.  Hackers often use common ports like remote desktop and VPN to gain access.

8. Lock devices when you’re not using

If your device is locked when not in use this stops unauthorised users from accessing your data.

9. Only install publisher verified applications

When installing software, operating systems have measures in place to verify you trust the application before installing. This would mean the publisher would match what is expected when downloading the software. Windows do this with User Account Control and Smart Screen.

Recovery

Although prevention is more cost effective than the cure, everyone needs an insurance plan.

1. REGULAR active backups

A minimum of daily offsite/offline backup of all files. It is not recommended you use tape backups or on site backup solutions as a primary method.

2. REGULAR test restores

It is often possible that backups are not needed for several years. However when they are, how confident are you that the data is restorable? Test restores ensure you can recover from worst case scenarios.

3. File backups vs application backups

Never assume that everything is backed up. Applications such as SIMS require different mechanisms of backups to restore. It’s important to be aware that simple file back ups don’t always restore applications.

4. Disaster recovery planning

Not just for ransomware but do you have a disaster recovery plan? IT Systems downtime costs money, a plan to reduce the downtime enables your school to be back up and running quickly.

5. Backup your cloud data

Schools often believe that storing data in Microsoft 365 or Google Workspace means that they are protected. This is not entirely accurate. By default both Microsoft and Google DO NOT perform backups of your data, this is an add-on service.

6. Replication

Replication simply takes a snapshot of your IT systems at regular intervals (15 minutes to 1 day). Replication enables you to quickly restore your IT systems to a usable state allowing you to do what you do best without any major disruptions. Replication is not readily available for schools with on-site servers, however, those with cloud services and servers in the cloud, can move away from traditional backup methods and use replication instead.

Every school is different, with many using various combinations of technology, so if you have any security concerns or are unsure of whether your school is doing enough to protect itself; contact us today to see how we can help.


Published: April 28