Schools looking at extending remote teaching programmes further into the year must start to plug any gaps in backup and security, UK solution provider Redstor has warned.
Paul Evans, chief executive of Redstor, said: “Cyber criminals are increasingly viewing education institutions as easy prey.”
In the firm’s disaster recovery insights blog, Evans noted that the National Cyber Security Centre has recorded a spike in the targeting of UK schools, universities and colleges.
The UK Department of Education (DfE) has also sent out a circular on the topic and urging a review of security policy and practice, paying particular attention to the ransomware threat, which is no longer confined to large corporates.
“The DfE and the government’s cyber security arm became so concerned in August that they alerted schools about the importance of putting adequate measures in place,” he wrote.
“As CEO of Redstor, a company that protects more than 50% of schools in the UK, I know that this is a warning that no educational head can ignore. The financial implications and reputational risks are too great.”
Evans said that many schools have already been hit by ransomware. Entire IT estates had been encrypted by criminals, including on-premise backup systems. Institutions, staff and pupils alike had lost data.
“Unlike banks or big businesses, education establishments do not have large budgets to protect their networks and train their staff and often have holes in their cyber security,” he said.
One key response is to ensure that all data is backed up regularly and stored separately from the ‘live’ network. This means of course that backup and recovery systems need to be tested and in place.
Multi-factor authentication should also be adopted, and patching performed in a timely manner to reduce risk.
“There is no shortage of staff and pupils who will inadvertently click on a malicious link or open a suspicious attachment,” Evans noted.
The National Cyber Security Centre provides a downloadable set of practical tips for schools here.
Evans referred institutions to research by password management provider Specops. Specops has found that click-jacking, tricking users into clicking on a different link from that intended, is the most common form of hacking in education institutions.
Specops has also found that many staff in the education and training sector claim they have not been trained sufficiently against cyber threats.
“Without the right protection, a school can take many days or weeks to get back to working normally,” Redstor’s Evans said.
“Many solutions tick the box of offline storage, but bandwidth limitations can mean they are extremely slow to recover or access vital data.”
Click here to read the full Redstor blog.
Redstor offers a Capita-approved, fully automated, cloud backup and recovery service for backup and recovery off-site as well as dedicated IP links to Redstor’s remote datacentres.
Redstor backup supports productivity suites common in schools and other education institutions, including Microsoft 365, Google’s G Suite, and Xero.