Schools

One in three schools hit by fraudsters impersonating staff emails

Schools have been warned they face particular cyber-security risks on exam and results days

Schools have been warned they face particular cyber-security risks on exam and results days

17 Jan 2023, 5:00

More from this author

More than a third of schools polled across England have been hit by fraudsters impersonating their emails, according to a new survey.

The government’s National Cyber Security Centre and the charity National Grid for Learning (LGfL) also warned cyber-attacks “can be expected to coincide with public examinations” or results days — with hackers betting ransoms are more likely to be paid at critical periods.

Their latest school audit report warns schools must show “vigilance” as they are at “particular risk from cyber-criminals”.

More than three-quarters of UK schools surveyed had experienced some form of cyber-security breach or incident, suggesting all schools should assume they will face an attack – and “this could be tomorrow”.

Earlier this month the BBC reported a hacking group had leaked highly confidential documents from 14 schools, while last month Dixons Academies Trust revealed a cyber-incident had caused “some disruption”,

Data leaks and email fraud on the rise

Their poll of 805 schools across the UK last year found:

  • Some 26 per cent of UK schools had seen people impersonate their emails, up from 20 per cent in a smaller 2019 poll. The 2022 figure was for so-called “spoofing” was even higher in England at 38 per cent. LGfL called it a “worrying trend” given most ransomware attacks occur via email.
  • More schools reported staff had been sent fraudulent emails, or been directed to fraudulent websites. Such issues were again most prevalent among English schools responding, at 87 per cent.
  • Seven per cent of UK schools had previously been “significantly disrupted” by cyber-attacks, with 42 per cent taking at least a week to recover. LGfL noted this “represents potentially tens of thousands of pupils”, affecting teaching, exams or systems keeping children safe.
  • Around one in five respondents had experienced periods without access to important information, and the same reported suffering malware or ransomware attacks.
  • The percentage reporting confidential information held online had been leaked more than doubled to 7 per cent between 2019 and 2022.

Cyber-security a ‘Rubik’s cube’ for schools

Sarah Lyons, director for economy and society at NCSC, part of GCHQ, said: “Our schools rely so much on the myriad of data required to run efficiently – including sensitive data on students, parents, governors and staff – therefore more work must be done to support the cyber security around these essential services.”

LGfL’s cyber-security lead Mark Bentley said IT safety could “feel like a Rubik’s cube” for schools, as every week “seems to bring new threats”.

He also said recruiting qualified experts was a “significant challenge and an additional expense”, but schools could still “do a lot” and recommended staying on top of the latest advice.

Only half have cyber-attack contingency plans

The report found 49 per cent of UK schools had contingency or continuity plans covering cyber-attacks, but 30 per cent did not. The rest were “unsure”.

Only 53 per cent of schools said they felt “prepared” for a cyber-attack, but it marked a slight increase on 2019. Awareness of phishing, and the extent of training for non-IT staff, also improved.

LGfL said that while most schools had effective antivirus solutions, “all too frequently schools sign up…but don’t active all its features or install it on all devices”.

One in four respondents said they did not use multi-factor authentication to safeguard online accounts, and the same proportion did not limit staff access to USBs that risk compromising systems. Four per cent said they had no back-up facilities.

Latest education roles from

Executive Director of Finance – Moulton College

Executive Director of Finance – Moulton College

FEA

Director of Governance – HRUC

Director of Governance – HRUC

FEA

Principal and CEO

Principal and CEO

Hills Road Sixth Form College

Senior Quality Officer

Senior Quality Officer

University of Lancashire

Sponsored posts

Sponsored post

IncludEd Conference: Get Inclusion Ready

As we all clamber to make sense of the new Ofsted framework, it can be hard to know where...

SWAdvertorial
Sponsored post

Helping every learner use AI responsibly

AI didn’t wait to be invited into the classroom. It burst in mid-lesson. Across UK schools, pupils are already...

SWAdvertorial
Sponsored post

Retire Early, Live Fully: What Teachers Need to Consider First

Specialist Financial Adviser, William Adams, from Wesleyan Financial Services discusses what teachers should be considering when it comes to...

SWAdvertorial
Sponsored post

AI Safety: From DfE Guidance to Classroom Confidence

Darren Coxon, edtech consultant and AI education specialist, working with The National College, explores the DfE’s expectations for AI...

SWAdvertorial

More from this theme

Schools

Reform council’s school transport cut call ‘Victorian’, says Phillipson

Phillipson rejects call to extend the distance children can be expected to make their own way to school

Lydia Chantler-Hicks
Schools

School uniform: New rules to meet Labour’s cap revealed

Government guidance tells schools to confirm changes ASAP, consider legal advice and lets parents complain to government

Jack Dyson
Schools

AI could analyse lessons delivered by new teachers under NIOT pilot

Artificial intelligence could be used to analyse recordings of lessons by early career teachers under a new trial being...

Lydia Chantler-Hicks
Politics, Schools

Reform government would ‘root out teachers brainwashing kids’ says MP Lee Anderson

Reform UK members tell party conference of need to crack down on 'brainwashing' teachers and stop schools 'becoming indoctrination...

Lydia Chantler-Hicks

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *