WITH primary and secondary schools moving to remote learning as part of the latest government guidelines, it is essential that staff, pupils and parents know how to protect both themselves and their schools from the threats posed by cyber-criminals.
The education sector has seen an increased number of cyber-attacks since the Covid-19 pandemic started, with the National Cyber Security Centre (NCSC) issuing a sector-wide alert back in September 2020. Schools are considered a popular target for cyber-criminals since they store large amounts of valuable data. Their computer networks are accessed by a large number of people on a daily basis, any of whom could inadvertently provide access to a cyber-criminal.
Current guidance offered by the NCSC encourages individuals working in education to ensure that their passwords are strong and memorable; that they can recognise the signs of a malicious email or text message – known as a phishing attack; and that care is taken when moving data via a USB or other external device. This advice is invaluable but must also be considered within the context of remote learning, which offers a large window of opportunity for cyber-criminals.
Some pupils will have been provided with laptops or devices from their school, others will be using personal computers. Either way, it is vital that software and applications are kept up-to-date, and that access is protected by strong passwords in order to keep the school computer network safe.
Both pupils and parents will be receiving a greater volume of emails from schools and teaching staff, ranging from lesson plans and homework sheets, through to links to online learning platforms. Cyber-criminals are capable of creating emails which on initial glance can pass as legitimate. And in the midst of a sudden increase in communication it would be easy to click on a file or link which appeared to have come from a class teacher, but which actually came from a malicious third-party. This would then infect the device – and potentially the entire school computer network – with malware.
When pupils are downloading educational or video conferencing software/applications from the internet, schools need to ensure that they are downloading them from legitimate sources. Cyber-criminals can create sites which appear in web browser search listings alongside the official software/application provider. Pupils may unknowingly download from one of these fake sites, and open a file filled with malware.
DS Symon Kendall, the Cyber Protect lead for Tarian Regional Cyber Crime Unit (RCCU), suggests that schools contact parents and pupils with guidance on keeping cyber-safe during periods of remote learning. “Knowing what to look out for can make a big difference,” says Symon. “For instance, phishing emails can often be identified by certain clues. Many will be addressed generically, such as ‘dear pupil’, rather than personally. Phishing emails will often carry a sense of urgency to try and pressure the target into clicking a link, such as ‘this homework sheet is only available for the next twelve hours so download ASAP.’”
“When requesting that pupils access or download software or applications, schools should endeavour to provide direct URL links to the legitimate provider or direct them to trusted application stores.”
“Ultimately, if something about an email or website doesn’t sit right, parents and pupils should be encouraged to contact the school or teacher directly to check whether it is safe. With such sudden changes to government guidance, both teaching staff and parents will no doubt be feeling overwhelmed but is essential that everyone is as proactive as possible.”
For simple steps on how to keep your school safe, NCSC guidance can be accessed in English and Welsh here: https://www.ncsc.gov.uk/information/resources-for-schools
For more information on keeping your school safe during periods of remote learning, the Cyber Protect network offers presentations for school management teams and staff. To find out more, head to: https://www.tarianrocu.org.uk/cyber-protect/ or send an email to: RCCU-Tarian@south-wales.police.uk