Skip to main content

The cyber threat facing private schools

By Amanda Doran
Head of Commercial Combined

Many schools this week are promoting the safe and positive use of digital technology. Events nationwide will see young people, parents, teachers, carers, law enforcement and policymakers joining together to help create a better internet.

With reports of cyber incidents and attacks at an all-time high, the need has never been greater.

Schools, colleges and universities are increasingly being targeted by cyber criminals. We have recently seen several reports of educational establishments having their data locked by ransomware, with some resorting to handing over money to get their systems back up and running. In early 2017 it was widely reported that Los Angeles Valley College paid $28,000 to hackers after being locked out of their computer systems.

Private schools targeted

In December security experts warned that criminals had launched a campaign against private schools and the parents paying school fees. Term fees of between £4,000 and £10,000 are an attractive target for criminals.

The scam works with hackers breaching the school's IT systems, often through a phishing attack. The criminals are then able to access customer data and email parents with fake invoices explaining that the school's payment details have changed and asking for payments to be made to a new bank account. Parents paying the invoice by bank transfer may have little chance of getting their money back as such payments are not protected, however if the school has cyber insurance the stolen fees may be covered.

The Independent Schools' Bursars Association has been proactive at warning parents about the dangers of cyber crime. If parents are suspicious about any emails the best advice is to telephone the school to check.

Cyber protection

With educational establishments being big targets for cyber criminals we encourage a complete risk analysis, which should include.

  • Securing IT networks and systems
  • Protecting customer data
  • Safeguarding confidential information and intellectual property
  • Securing school premises with alarms and CCTV
  • Looking at minimising business interruption and downtime
  • Reducing the risk of any fines and financial penalties
  • Reducing reputational damage and a public relations crisis

And for schools to have robust IT processes

  • Safeguard all computer networks with a firewall
  • Encrypt all sensitive data
  • Keep all software updated
  • Use up-to-date antivirus software and subscribe to a threat alert service
  • Avoid using easy passwords
  • Discourage staff from bringing in their own devices
  • Backup data regularly
  • Delete suspicious emails without opening
  • Be wary of clicking on links in emails
  • Test your website and web hosting for any vulnerabilities
  • Invest in a shredder and securely dispose of documents
  • Securely dispose of old laptops and computers by wiping their hard-drives
  • Secure portable devices such as laptops, mobile phones and USB memory sticks
  • Consider a basic cyber incident response plan

QBE Business Insurance has a specialist offering for independent schools and educational establishments to make sure that they have the right insurance cover in place, which can include a swift response in the event of a cyber incident. Ask your insurance broker about QBE.

More information on QBE Commercial Combined insurance