How to protect your school, college, or university from ransomware

In the last 12 months, cyber-attacks on the education sector have significantly increased. This has included attacks on primary schools, secondary schools, colleges, and universities across the region.


The cyber-attacks that have taken place recently have impacted schools in different ways, with some schools facing tougher consequences than others. The type of cyber-attack that schools are facing is ransomware attacks, this is a malicious software designed to block access to a computer system until a sum of money is paid.


Ransomware involves computer viruses that threaten to delete your files unless you pay a ransom. Like other viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it.


Why do cyber criminals target the education sector?

Often the aim of cyber criminals deploying ransomware is to encrypt data that will have the most impact on an organisation’s services. This can affect access to computer networks as well as services including email systems and websites.


Schools hold valuable information just like businesses do and this information can include student medical records, parents contact details and teachers bank details. This information is valuable as the criminals behind the attack can publicly post the data or sell it on cybercriminal forums and dark web marketplaces for additional revenue.


How can I protect my organisation from a ransomware attack?

  • Always back up your data, as restoring your files from a backup is the quickest way to regain access to your data.

  • Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

  • Regularly scan your emails and systems for malware

  • Only download files from trusted sites

  • Use a VPN when using public Wi-Fi.

  • Do not use unfamiliar USB devices.

How can The Cyber Resilience Centre for the South East help my school?

To help the education sector outsmart cyber criminals and toughen up their cyber security, the Cyber Resilience Centre for the South East (SECRC), has been established to provide businesses and organisations, with an affordable way to access cyber security services and consultancy to help improve cyber resilience.


Schools, colleges and universities in the South East can sign up for free Core Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.

Sign up via http://www.secrc.co.uk/membership

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.