We’re not implying you might be surrounded by cybercriminals and not even know it but, as the saying goes, ‘to err is human’. When it comes to being cyber secure, it’s errors that can leave us vulnerable.
Although blame ultimately lies in the hands of those carrying out criminal activities, such as hacking and information theft, we can take steps to become active participants in mitigating the threat they pose. Watch our video below to find out how you can become more cyber resilient, and continue reading for relevant guidance and advice!
People are the ones who hack/steal servers/devices/information.
People are the ones who need trained in making cyber security a priority.
People are the ones who make mistakes.
People are the ones who can become disgruntled or upset and purposely take actions to leave others vulnerable to attack.
People are the ones who might think it’s funny to hack into servers, release or change passwords, or send viruses via email.
Cyber Security Attacks
Phishing is the use of ‘real’ or authentic looking messages or emails pretending to be someone or something else in order to gain access to your personal information and/or account details.
Smishing is the use of SMS texts in phishing scams.
Vishing is the use of phone calls or voice messages in phishing schemes.
Spear phishing scams are sent to a specific person and will often contain specific details about the individual.
Whaling attacks are targeted at a senior member of staff, and usually don’t contain a link but look for a ‘favour’ from a more junior employee (e.g. asking a staff member to buy gift cards for other staff members or to contact them on WhatsApp).
Ransomware, or ransom malware, is a type of malware that prevents users from accessing their system, account, or personal files and demands a ‘ransom’ payment in order to regain access.
Two-thirds of primary schools (66%) highlight phishing attacks as their single greatest concern. Similarly in the secondary sector, nearly all (99%) are concerned about phishing attacks.
From physical access to the building to who can get their hands on school devices, unwittingly giving people access is a major threat for cyber security. Some of the top risks are:
Computers left alone without the screen locked.
The class register or other information about a child being duplicated onto the interactive whiteboard.
Devices not being put away safely during break times, lunch, and at any point that the responsible adult leaves the room.
Not updating or being aware of who has access to servers.
Lack of oversight over access to physical risks such as CCTV systems, keys, and door passcodes.
Not keeping data on a ‘need to know basis’, thus increasing the number of people who can potentially access sensitive information.
Leaving your phone or personal device in an unsecure place.
Entering passwords or sensitive information within view of someone else.
Keeping a record of commonly used passwords on the wall near your device (yes – we know you do this!)
A school can be a busy place, with outsiders coming in for a variety of reasons. It’s important to make sure everyone who is invited onto school grounds has: permission to be there, undergone relevant legal checks, and has restricted and monitored access to areas of the school (e.g. parents evening).
This is everybody’s responsibility. If someone comes into your classroom, ask yourself if they should be there, and check there are no devices left lying around that they could access.
Children and young people are using tech at an earlier and earlier age. Their lives are spread between the online and offline world, with many having devices in their hands from a very young age. This means their tech knowledge can be pretty well developed by the time they reach school. This, plus access to endless amounts of information on the internet, can result in some young people having impressive technological skills!
Not all, however, will choose to use these skills for good. Whether it’s out of well-intentioned humour or negative reasons (like being upset at a teacher, feeling isolated, or part of peer pressure), there have been incidents of pupils hacking servers, changing passwords, and otherwise targeting schools via cyber breaches.
Lack of Training and Awareness
Keeping up to date on cyber security can present a challenge for educational establishments. On top of everything else that is ‘vital’ and ‘urgent’ that schools have to prioritise, knowing where to get reliable information and finding time for regular training can be difficult. However, it’s the gaps in knowledge that create a threat to cyber security – criminals rely on the vulnerabilities of their victims.
Over half (56%) of primary schools have stated those responsible for cyber security receive little to no training in the matter, even though 41% of those schools have identified a security breach.
It’s important to remember that this isn’t just a security issue – it’s also a safeguarding one. Not only do cybercrimes leave your school open to becoming financial victims, but the risk of data leaks (and losing access to network-connected IT services) could result in considerable disruption and ongoing consequences, including compromising the personal information of your pupils. Having up-to-date cyber security helps to safeguard not only your school but also the safety of the children and young people in your care.
Cyber Security Threats in the Home
Even in the home, it can be all too easy to accidentally leave access to others without even realising it. It may be someone coming to your house to complete maintenance work or collect an item you’ve sold online. It could even be someone you’ve met plenty of times before, like a friend of a friend coming round for a post-school run cup of coffee, or even your own child or their friend(s).
When it comes to leaving yourself open to the potential consequences of cyber security breaches, we can never be too careful. Have a look around the room you’re in right now – how much potentially sensitive information could someone gain if they were alone in that room? For example, is there:
Your phone, which stores passwords, email addresses, or contact information for vulnerable members of your family?
Your work laptop, containing access to sensitive data, passwords, Teams, email, or another way someone could contact a colleague while pretending to be you?
A diary/book, in which you’ve written passwords down?
You don’t have to go too long without hearing on the news about a platform getting hacked or getting in trouble for misuse of data. However, for many children and young people, threats to their cyber security probably aren’t top of their agenda when thinking about participating in the online world!
Even when taking part in seemingly innocent quizzes on platforms like Facebook, the child or young person isn’t likely to spend too much time reading the terms and conditions.
Social Media Quizzes
Although these styles of quizzes appear to be free, the real price is often paid in the currency of personal data, which is then used by data companies for targeted information or even to sell on to cybercriminals on the dark web.
If your child – or you! – can’t resist filling out these quizzes, then make sure to provide fake information, especially to questions similar to security questions used by your financial institutions for your passwords. For example, if you are asked, ‘What is your favourite pet,’ make up an answer! Especially if you’ve hundreds of photos of your beloved pet uploaded online (and let’s face it, most of us do).
Top Tips for Overcoming Threats to Cyber Security
Don’t just think it – do it! The perceived inconvenience of taking simple steps (like the ones below) will be far outweighed by the potential consequences, should your home or school’s cyber security be breached.
Lock up. If you’re leaving any devices alone in a room, make sure everything is put away safely and/or locked up before you go. This applies to devices and doors as well as your personal phone and bank cards.
Stay informed. One of the key factors to staying cyber resilient is keeping yourself up to date with the latest scams, safety alerts, and advice. One of the best ways to do this is by downloading the free Safer Schools NI App.
Keeping information secure. Do a ‘health check’ on who has access to sensitive information and data. For example, once a previous staff member ceases working at a school, is all their access revoked? Does every staff member need access to the school’s financial files and details? Does a previous partner have access to your email account? It’s not about a lack of trust, but about lessening the risks brought on by potential human error.
Stay alert to changes and advancements. Making sure your school is cyber secure isn’t just a one-time thing. Just as cyber-criminals evolve their methods, we also must keep evolving our defence mechanisms. Assign a staff member to be responsible for all cyber security matters, including regular training for them and for wider staff teams – like our upcoming Cyber Security webinar!
Cyber resilience requires a whole school approach!
Mitigating cyber security threats isn’t just up to you (was that a sigh of relief we just heard?!) but is everyone’s responsibility. Even if one staff member is assigned to take the lead, everyone in your entire school community should be actively keeping their cyber security knowledge in check. Encourage colleagues to do their part and ensure parents, carers, and pupils are kept educated on the risks and steps they can take.
Deepen your understanding of cyber security and expand your knowledge of cyber threats, security measures, and incident mitigation, all within the context of educational institutions.