One in three schools hit by fraudsters impersonating staff emails

More than a third of schools polled across England have been hit by fraudsters impersonating their emails, according to a new survey.

The government’s National Cyber Security Centre and the charity National Grid for Learning (LGfL) also warned cyber-attacks “can be expected to coincide with public examinations” or results days — with hackers betting ransoms are more likely to be paid at critical periods.

Their latest school audit report warns schools must show “vigilance” as they are at “particular risk from cyber-criminals”.

More than three-quarters of UK schools surveyed had experienced some form of cyber-security breach or incident, suggesting all schools should assume they will face an attack – and “this could be tomorrow”.

Earlier this month the BBC reported a hacking group had leaked highly confidential documents from 14 schools, while last month Dixons Academies Trust revealed a cyber-incident had caused “some disruption”,

Data leaks and email fraud on the rise

Their poll of 805 schools across the UK last year found:

• Some 26 per cent of UK schools had seen people impersonate their emails, up from 20 per cent in a smaller 2019 poll. The 2022 figure was for so-called “spoofing” was even higher in England at 38 per cent. LGfL called it a “worrying trend” given most ransomware attacks occur via email.
• More schools reported staff had been sent fraudulent emails, or been directed to fraudulent websites. Such issues were again most prevalent among English schools responding, at 87 per cent.
• Seven per cent of UK schools had previously been “significantly disrupted” by cyber-attacks, with 42 per cent taking at least a week to recover. LGfL noted this “represents potentially tens of thousands of pupils”, affecting teaching, exams or systems keeping children safe.
• Around one in five respondents had experienced periods without access to important information, and the same reported suffering malware or ransomware attacks.
• The percentage reporting confidential information held online had been leaked more than doubled to 7 per cent between 2019 and 2022.

Cyber-security a ‘Rubik’s cube’ for schools

Sarah Lyons, director for economy and society at NCSC, part of GCHQ, said: “Our schools rely so much on the myriad of data required to run efficiently – including sensitive data on students, parents, governors and staff – therefore more work must be done to support the cyber security around these essential services.”

LGfL’s cyber-security lead Mark Bentley said IT safety could “feel like a Rubik’s cube” for schools, as every week “seems to bring new threats”.

He also said recruiting qualified experts was a “significant challenge and an additional expense”, but schools could still “do a lot” and recommended staying on top of the latest advice.

Only half have cyber-attack contingency plans

The report found 49 per cent of UK schools had contingency or continuity plans covering cyber-attacks, but 30 per cent did not. The rest were “unsure”.

Only 53 per cent of schools said they felt “prepared” for a cyber-attack, but it marked a slight increase on 2019. Awareness of phishing, and the extent of training for non-IT staff, also improved.

LGfL said that while most schools had effective antivirus solutions, “all too frequently schools sign up…but don’t active all its features or install it on all devices”.

One in four respondents said they did not use multi-factor authentication to safeguard online accounts, and the same proportion did not limit staff access to USBs that risk compromising systems. Four per cent said they had no back-up facilities.