The huge amount of data being produced and consumed at work, at school and in our homes has brought with it the need to take both personal and corporate responsibility for how it is protected.

On the day that Safer Internet Day 2017 takes place across the UK let’s take a look at how the world of education is being affected by cyber attacks and what can be done to protect schools, colleges and universities from falling victim.

The opportunity

Cyber attackers have seized the opportunity to cause significant damage in recent years as more education institutions and their students access resources online. This has been aided by the proliferation in the use of mobile devices.

Cyber attackers come in many forms – nation states, terrorists, industrial spies, hacktivists, unhappy employees and straight forward criminals. Their aims can be very different – political, commercial, propaganda or purely vindictive – and the tools they use are varied.

Last month Action Fraud, the National Fraud and Cyber Crime Reporting Centre, issued an alert about fraudsters  posing as officials from the Department of Education who were cold calling schools in order to trick staff into installing ransomware on their computers.


Ransomware is one of the most common forms of cyber attack. The education sector has become a prime target. One report at the end of 2016 claimed that 56% of UK universities had been the victim of ransomware attacks in the last 12 months.

Ransomware can be devastating in terms of paying a ransom, the costs of recovering from an attack and also in reputational damage, and yet it can be delivered in the most unsuspecting way – an email attachment or a simple call to action in an email with a link to a website. 

What do the cyber attackers want? Data and/or a payment in order to return it.

So how can schools, colleges and universities combat these growing threats?


Regularly remind staff and students about the risks of opening emails from people they don’t know or that are spelt incorrectly – you will be amazed at how bad many hackers’ spelling is! Educating your people about the simple actions they can take for themselves is an important first step in a cyber security strategy.

Access policy

Have an overarching and multi-layered security policy in place. This should include clear policies about who can access certain types of data and what authentication is required.

Network monitoring

Understand where the potential vulnerabilities are in the network. Monitor the network for inconsistencies and regularly test your systems.

Incident response

Have a plan in place BEFORE an incident takes place. Ensure the IT team and/or management team knows what to do if a cyberattack does take place. A formal Backup and Disaster Recovery plan allows data and IT systems to be restored quickly – within minutes depending on the DR provider you are using.

Education institutions hold important data on pupils, students and staff. By taking cyber security seriously schools, colleges and universities can stay safe.

To find out more about the UK Safer Internet Centre and how it helps children stay safe online visit

To find out how iomart can help protect your education organisation click here