Education Today Education Today Magazine
The sustained integration of technology into the classroom over the past two decades has undoubtedly changed the art of teaching. Yet, technological innovation has also created new vulnerabilities which can be exploited by criminals, who see schools as profitable targets.
From cybercriminals posing as suppliers, to other cyber-threats such as phishing links, designed to obtain data through defrauding someone into disclosure; and ransomware, which aims to extort money via a ransom following the acquisition and encryption of data or files – cyber attacks can have far-reaching consequences for pupils’ education, teachers’ resources, and learning systems.
Weak passwords, poorly designed software, authorising too many people to access files and accidental human error are all contenders for a data breach/cyber attack.
Schools are more likely to identify cyber security breaches than the average business
In their latest report, the Department for Science, Innovation & Technology stated that all types of education institutions are more likely to identify cyber security breaches or attacks than the average business.* In the last 12 months, 63% of secondary schools and 41% of primary schools identified cyber breaches or attacks.
Phishing attacks are by far the most common type of breach or attack identified, followed by online impersonation, then viruses, spyware, or malware.
Many of these issues can be avoided through staff training and investing in robust data management processes.
What to do if a data breach occurs
If a serious data breach occurs which is likely to harm the rights and freedoms of individuals, it must be reported to the Information Commissioner’s Office (ICO) within 72 hours. The ICO will then provide advice and guidance on how to manage the breach, and lessons to be learned so it doesn’t happen again. This may cover what improvements to policy documents, security measures, and training the school needs to put in place.
How can cyber insurance protect schools?
What options are available to schools if they do suffer a serious security breach, even if all policies have been closely followed? One option which can provide a viable safety net against emerging cybercrime and security threats is cyber insurance.
Not only does a cyber insurance typically cover loss of income related to a cyber attack, but it can also cover the cost of third-party experts should they be required, such as a forensic investigator or ransom negotiator, and the cost of full data re-creation.
Should a cyber attack happen, having insurance in place could be the difference between a breach being well-managed, and resolved, or a difficult process ensuing. Cyber security insurance can also be supported by an online reputational risk management policy which can include the use of ‘social listening’ technology to monitor your school’s digital footprint and alert stakeholders to any imminent online reputational risks.
Is your school fully protected?
Whether you’re covered by a commercial insurance policy or the Risk Protection Arrangement, it’s worth checking to see if your current cyber cover is as extensive as it could be. Here are a few questions to ask:
- Does your policy cover your school for extortion as standard?
- What are the current limits of indemnity?
- Does your policy only cover the restoration of data/ systems if there’s a back-up available, or are you covered for full recreation of data and systems?
- Is your insurer pro-actively trying to reduce cyber events via risk management/ internet scanning and by being aware of ongoing threats to the market, or do they only offer reactive cover?
Complimentary cyber insurance review
Endsleigh, part of Howden the global insurance group, has almost 60 years’ experience providing insurance solutions to the education community. We’d like to offer you a no obligation, complimentary review of your current cyber cover. Call us on 0333 234 1553, email us at schools@endsleigh.co.uk or book your review here.
Find out more about Endsleigh’s cyber insurance cover for schools.
* Cyber security breaches survey 2023: education institutions annex – GOV.UK (www.gov.uk)
