Fraud Alert – Schools targeted with Ransomware
Originally posted on 23 January 2017
As I'm sure many of you will have seen, Action Fraud have published an alert after schools across the country have fallen victim to cyber criminals who have targeted schools in a widespread "ransomware" attack. Although it has so far predominantly been state schools who have been targeted in this particular attack, I wanted to make sure all my contacts at Independent Schools were aware of what is happening, and the best ways to mitigate the risk from these types of threats, as it seems that schools are the latest perceived "soft target" for these money making cyber criminals.
For those who aren't aware, ransomware is a form of malicious software (malware), which effectively hijacks your school's data by encrypting it, rendering it unusable by staff and pupils. The cyber criminals then demand payment of a ransom in order to provide the security key needed to decrypt your data. In the recent attack on schools this ransom has been up to £8000, but can be even higher, with some UK organisations who experienced these type of attacks last year being presented with demands in excess of £35,000!
Schools are not alone, as research conducted in June 2016 by Ostermann Research showed that 54% of organisations in the UK had experienced ransomware attacks during the previous 12 months, and, somewhat worryingly, 58% opted to pay the ransom, which would seem to suggest that the risks around such an attack had not been fully assessed or planned for, and contrasts sharply with data from the US where only 3% of victims paid the ransom.
So what should Independent Schools be doing to protect themselves?
Having good system backups, which are stored off-line so that they cannot also be encrypted, is, of course vital. But having to carry out a full scale disaster recovery of the school's ICT systems should really form the last line of defence. This is something I will talk about in future articles in more detail, but it is certainly not something to be undertaken lightly; it can be highly disruptive to the school's operations and indeed, without proper preparation, there is no guarantee of total success.
Unfortunately there isn't a piece of software or a firewall rule that will completely stop these sorts of attacks. Prevention really requires a blend of policies, staff training, plans and technologies to form a cohesive defence strategy for the school. Some of the steps we typically take with the schools who we work with include:
• Reviewing their current systems to identify risks and vulnerabilities.
• Working closely with the senior leadership team to define and implement a risk mitigation plan to address any vulnerabilities identified.
• Implementing a suite of technical measures, which may include hardware, software, cloud technologies and security policies to protect the schools data.
• Training and educating staff, particularly as these type of threats often get into a school through someone clicking on a bogus link or attachment.
• Devising, implementing and testing contingency plans including disaster recovery plans, frequent data backups, security incident response plans and emergency operating procedures.
Unfortunately whilst ransomware is generating such a healthy income for cyber criminals, I think it is only likely to become more prevalent, so it is best to be prepared.
Interested in finding out more about how entrustIT could help keep your school secure? Download our FREE White Paper >>
Subscribe here!
Recent Posts
Posts by tag
- technology (124)
- Security (97)
- cyber security (85)
- IT Security (81)
- Cloud (65)
- Microsoft 365 (63)
- modern technology (62)
- Managed Service (60)
- business (60)
- cloud computing (59)
- cyber attack (54)
- workplace (54)
- IT support (53)
- cloud it (53)
- Microsoft Teams (52)
- microsoft (51)
- Working from home (50)
- productivity (47)
- office (46)
- cybersecurity (44)
- office 365 (44)
- IT (41)
- Uncategorised (38)
- employees (38)
- entrustit (38)
- flexible work (36)
- Password Security (34)
- Remote (33)
- efficiency (31)
- Hosted Workspace (30)
- hosted desktop (30)
- schools (29)
- independent schools (28)
- school ict (27)
- collaboration (26)
- 2023 (25)
- Cyber (24)
- cyber privacy (22)
- public cloud (22)
- computing (21)
- email security (20)
- password (20)
- it support bournemouth (19)
- passwords (19)
- entrust (18)
- hosted applications (18)
- VoIP (17)
- cloud voip (17)
- covid19 (17)
- hacking (17)
- private cloud (17)
- data (16)
- it support dorset (16)
- teamwork (16)
- Coronavirus (15)
- GDPR (14)
- hackers (14)
- office 365 support (14)
- ransomware (14)
- IT audit (13)
- Protection (13)
- cloud cctv (13)
- covid-19 (13)
- hack (13)
- it support hampshire (13)
- management (13)
- network (13)
- Hosted Desktop and Applications (12)
- Windows Virtual Desktop (12)
- cctv (12)
- hardware (12)
- internet (12)
- it consultancy (12)
- 2020 (11)
- 2022 (11)
- hybrid cloud (11)
- internet safety (11)
- IT costs (10)
- Microsoft Planner (10)
- data breach (10)
- it consultancy bournemouth (10)
- it support southampton (10)
- it support winchester (10)
- phishing (10)
- vulnerabilities (10)
- windows (10)
- windows 10 (10)
- Backup (9)
- bitwarden (9)
- digital (9)
- it consultancy hampshire (9)
- telephony (9)
- attack (8)
- communication (8)
- desk phone (8)
- education (8)
- eu (8)
- it consultancy dorset (8)
- it consultancy southampton (8)
- msp (8)
- planning (8)
- software (8)
- staff (8)
- uk (8)
- Google (7)
- OneDrive (7)
- infrastructure (7)
- mobile (7)
- offsite backup (7)
- outsource (7)
- partnership (7)
- 2019 (6)
- Apple (6)
- Hampshire (6)
- IT Director (6)
- Skype for Business (6)
- apps (6)
- architect (6)
- child protection (6)
- cloud storage (6)
- european union (6)
- hacks (6)
- legal (6)
- legal it (6)
- mobile phones (6)
- onsite backup (6)
- password manager (6)
- remote desktop service (6)
- usecure (6)
- virus (6)
- 3d design desktop (5)
- Azure (5)
- Bournemouth (5)
- Desktop (5)
- ISO (5)
- News (5)
- Risk assessment (5)
- Windows 7 (5)
- awards (5)
- brexit (5)
- designer (5)
- personal data (5)
- resources (5)
- smartphone (5)
- website (5)
- Access Management (4)
- BYOD (4)
- Dorset (4)
- Facebook (4)
- Government (4)
- SharePoint (4)
- VPN (4)
- WannaCry (4)
- ios (4)
- law (4)
- legacy (4)
- proactive (4)
- remote learning (4)
- 2021 (3)
- 2024 (3)
- Attacks (3)
- Case Studies (3)
- General (3)
- Google Drive (3)
- Help (3)
- IP (3)
- Microsoft Forms (3)
- NHS (3)
- New Forest (3)
- Zoom (3)
- big switch off (3)
- budgets (3)
- citrix (3)
- closed cloud (3)
- ddos (3)
- digital hub (3)
- disaster recovery (3)
- guide (3)
- instagram (3)
- internet of things (3)
- meetings (3)
- sme (3)
- storage (3)
- surrey (3)
- teaching (3)
- trump (3)
- twitter (3)
- 2016 (2)
- 2018 (2)
- CAD (2)
- DR (2)
- DR planning (2)
- Environment (2)
- Firewall (2)
- Gen Z (2)
- ISBA (2)
- Local (2)
- Macs (2)
- Microsoft Copilot (2)
- PaaS (2)
- Tiva (2)
- android (2)
- artificial intelligence (2)
- award winning (2)
- bcs (2)
- broadband (2)
- camcloud (2)
- computer performance (2)
- digital transformation (2)
- downtime (2)
- dropbox (2)
- exhibition (2)
- finalist (2)
- innovation (2)
- legalex (2)
- london (2)
- macos (2)
- online meetings (2)
- organisation (2)
- paypal (2)
- predictions (2)
- president (2)
- strategy (2)
- united kingdom (2)
- us (2)
- video conferencing tools (2)
- 1998 (1)
- 5G (1)
- AI (1)
- AMD (1)
- ARM (1)
- Abbey Hill (1)
- Aldwickbury Park (1)
- BBC (1)
- BUNKERS! (1)
- Birchwood Park (1)
- Burhill (1)
- Burhill Group (1)
- Burnout (1)
- CEO (1)
- ChatGPT (1)
- Cloudtango (1)
- GPT-4 (1)
- Go Integrator (1)
- Hoebridge (1)
- Ignite 2018 (1)
- Ignite 2020 (1)
- Leaders (1)
- Loop (1)
- MFA (1)
- MSP Select 2024 (1)
- Market (1)
- May (1)
- Mr Mulligans (1)
- Multi Factor Authentication (1)
- MyAnalytics (1)
- Ninja Warrior UK (1)
- PBX (1)
- PM (1)
- Power BI (1)
- Privacy Shield (1)
- Ramsdale Park (1)
- Redbourn (1)
- Regulation (1)
- Surrey Business Awards (1)
- Sydenhams (1)
- Tech Company of the Year (1)
- The Business Magazine (1)
- Thornbury (1)
- WCry (1)
- WannaCrypt (1)
- Wifi (1)
- Wycombe Heights (1)
- acquisition (1)
- afc bournemouth (1)
- afcb (1)
- ashley madison (1)
- b2b (1)
- bandwidth (1)
- battersea (1)
- beach (1)
- big data (1)
- bloatware (1)
- blockchain (1)
- builders merchant (1)
- cambridge analytica (1)
- canada (1)
- cia (1)
- clinton (1)
- cnn (1)
- copilot (1)
- copilot pro (1)
- copyright (1)
- cryptocurrency (1)
- dark web (1)
- dns (1)
- donald (1)
- dyn (1)
- east grinstead (1)
- election (1)
- equality (1)
- executive order (1)
- farnham (1)
- fax (1)
- football (1)
- gchq (1)
- grinstead (1)
- intel (1)
- intelligence (1)
- josh widdicombe (1)
- landmarks (1)
- learning (1)
- legal technology forum (1)
- machine learning (1)
- meltdown (1)
- millennials (1)
- mirai (1)
- no-deal (1)
- onsite (1)
- paper (1)
- patisserie valerie (1)
- performance reviews (1)
- pound (1)
- premier league (1)
- procrastination (1)
- recruitment (1)
- research (1)
- serval systems (1)
- sharefile (1)
- smishing (1)
- snowden (1)
- solent (1)
- solent business awards (1)
- solentBA (1)
- spectre (1)
- sterling (1)
- storm (1)
- talktalk (1)
- trumppresident (1)
- ukitawards (1)
- united states (1)
- usa (1)
- vault 7 (1)
- vitality stadium (1)
- whatsapp (1)
- white (1)
- white house (1)
- wikileaks (1)
- wireless internet bournemouth (1)
- wireless internet southampton (1)
- women in business (1)
- xiongmai (1)
- year (1)