Central Midlands Audit Partnership (CMAP), who provide schools financial value standard (SFVS) audit assurance work for local schools in Derby, has recently been made aware of a spate of cyber security attacks targeting schools in the UK. This included a recent ransomware attack against the Church of England St Augustine Academy in the Kent, that serves over 750 students, and a similar cyber-attack against Highgate Wood School in Crouch End, that delayed the start of the new term for over 1500 students.
A ransomware attack is a type of malware that prevents organisations such as schools from accessing their own data, by encrypting files and systems, thereby making IT systems unavailable and having a serious impact on the business. Additionally, cyber criminals also seek to exfiltrate personal and sensitive data from an organisations IT network and threaten to leak the data online unless a ransom is paid.
A number of articles are available from the National Cyber Security Centre (NCSC) to help schools protect themselves from falling victim to such attacks, or to assist in recovering from such attacks. This includes some free security assessment tools (WebCheck and MailCheck) that schools can use to monitor if their public facing websites and email systems have known security weaknesses. CMAP highly recommends these articles are reviewed in light of the current rise in attacks targeting the UK education sector, and suggests that the NCSC’s recommendations and controls are implemented:
Schools offered free cyber defence tools to help keep out... - NCSC.GOV.UK
Mitigating malware and ransomware attacks - NCSC.GOV.UK
Heightened cyber threat - NCSC.GOV.UK
For assistance, contact your IT technical support department, or general best practices advice can be provided by the CMAP team. Please contact paul.needham@centralmidlandsaudit.co.uk if you require advice on IT audit controls.