VIEWS & OPINION
How to prevent and deal with Ransomware attacks on your school
Comment by GARETH JELLEY, Product Security Manager at LGfL-The National Grid for Learning
‘Ransomware attacks within education are on the increase because cybersecurity criminals perceive schools to be an easy and potentially lucrative target,’ says Sophos in its latest report The State of Ransomware in Education. Given the above, I’d like to share my top tips on how to prevent, and also deal with, a ransomware attack on your school.
Defending your systems and raising awareness
The first and most important action you should take is to defend your systems and educate staff about the growing threat presented by ransomware:
Policies and certification:
• Ensure that you have a comprehensive cybersecurity policy which outlines the school’s guidelines and security provisions. You can download a free template from https://elevate.lgfl.net
• Ensure cybersecurity risks are detailed in your school’s Risk Register, which is used to assess, evaluate, prioritise and manage cybersecurity risks. Remember too to keep your Governors informed. You can download a free template from https://elevate.lgfl.net
• Consider attaining the Cyber Security Essentials certification. Using the self-assessment option, you can evaluate whether you have the basic controls your organisation should have in place to mitigate the risk from common cyber threats, and obtain certification if you meet all the criteria. Alternatively, you can use it to map areas for improvement and implement a development plan based on it.
Subscribe:
• Subscribe to the Early Warning service from the National Cyber Security Centre (NCSC) at https://www.earlywarning.service.ncsc.gov.uk/, which is designed to help organisations defend against cyber-attacks.
Educate staff:
• Educate staff and students about the risk of ransomware and their role in reducing it.
• Run Cyber Security Training for School Staff from the National Cyber Security Centre (NCSC). It’s free.
• Run regular simulated phishing campaigns that are linked to training to raise awareness of how to spot phishing emails.
• Ensure staff are aware of what to do if they notice something suspicious on their machine, and who to report it to.
Protect your finances:
• Ensure there are appropriate finance processes in place for when a company requests changes to bank details. New details should always be confirmed via an alternative method, not just email.
• Ensure out-of-the-blue requests for payments, gifts or prizes are verified in person or via a phone call.
Reduce your vulnerabilities:
• Ensure any new systems or software are reviewed at the procurement/purchasing stage to confirm they meet security standards.
• Implement Role-Based Access Control (RBAC), where the level of access to the network is determined by each person’s role within the school. Access can be based on several factors, such as authority, responsibility and job competency.
• Install security patches as soon as possible to resolve hardware, operating system and application vulnerabilities that could be exploited by hackers.
• Install and monitor antivirus software.
• Implement Multifactor Authentication: an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account or VPN.
www.education-today.co.uk
• Run regular backups so you are able to recover from any incident (fire/flood/ransomware), and test that they work.
• Keep backups offline/offsite to prevent them being impacted by the ransomware (although online, some cloud backup solutions can be considered ‘offline’).
• Perform regular housekeeping and remove user accounts and files/software/systems that are no longer needed.
• Replace software and systems that no longer receive regular security updates from their vendors, e.g., Windows 7/Shockwave/Flash Player.
• Schedule reviews of security configurations to ensure obsolete settings are removed, particularly on firewalls.
• Perform vulnerability scans of internal systems to detect and classify weaknesses in computers, networks and communications equipment and to predict the effectiveness of countermeasures.
• Commission penetration tests to evaluate the effectiveness of your security systems.
• Ensure email is configured with SPF/DMARC/DKIM – this will prevent attackers from sending email that impersonates your domain. The Sender Policy Framework (SPF) is an email-authentication technique used to prevent spammers from sending messages on behalf of your domain. DMARC is an open email-authentication protocol that provides domain-level protection of the email channel. DKIM (DomainKeys Identified Mail) is a protocol that allows an organisation to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify.
• Where possible, limit the locations from which accounts can be accessed – e.g., prevent users logging on from outside the UK (Russia/China/Australia/America, etc.) using geofences: virtual geographic boundaries.
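As an added illustration of the SPF/DMARC bullet above (this is not code from the article or from LGfL), here is a small Python check that reads a domain’s SPF and DMARC TXT records and reports the weak settings a receiving mail server would notice. The DNS data is a constructed in-memory dictionary with made-up school domain names; DKIM is left out because checking it needs the selector name, which varies by mail provider.

```python
import re

# Constructed sample DNS TXT records for two made-up school domains (not real
# lookups): one configured loosely, one configured as the article recommends.
# The dictionary maps a DNS name to the list of TXT strings published at it.
SAMPLE_TXT = {
    "weakschool.example": ["v=spf1 include:_spf.mailhost.example ?all"],
    "_dmarc.weakschool.example": ["v=DMARC1; p=none"],
    "goodschool.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.goodschool.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@goodschool.example"],
}

def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; rua=...' into a dict of lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_domain(domain, txt_lookup):
    """Return findings for the domain's SPF and DMARC records (empty list = configured well)."""
    findings = []
    spf = [r for r in txt_lookup.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no record published, so receivers cannot check the sending server")
    elif len(spf) > 1:
        findings.append("SPF: more than one record published; receivers treat this as a permanent error")
    else:
        # The qualifier on 'all' decides what happens to mail from servers not listed in the record.
        match = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", spf[0])
        if not match:
            findings.append("SPF: no 'all' mechanism, which defaults to neutral; end the record with '-all'")
        elif match.group(1) != "-":
            findings.append(f"SPF: '{match.group(1) or '+'}all' lets unlisted servers pass; use '-all' once every sender is listed")
    dmarc = [r for r in txt_lookup.get("_dmarc." + domain, []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("DMARC: no record published, so receivers will not enforce a policy on spoofed mail")
    else:
        tags = parse_dmarc(dmarc[0])
        policy = tags.get("p", "").lower()
        if policy != "reject":
            findings.append(f"DMARC: p={policy or 'missing'}; move to p=quarantine and then p=reject")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, so you receive no aggregate reports that would reveal spoofing")
    return findings

if __name__ == "__main__":
    print(assess_domain("weakschool.example", SAMPLE_TXT))
```

To run this against a real domain, replace the dictionary with live TXT lookups (for example dnspython’s dns.resolver.resolve(name, "TXT")) and pass the results in the same name-to-strings shape.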
Be prepared for an attack
Assume that at some point you will be affected and plan accordingly:
• Implement a specific Incident Response Plan for ransomware, including communication plans. You can download a free template from https://elevate.lgfl.net/
• Run desktop exercises of the Incident Response Plan to highlight gaps and needed updates. The NCSC has exercises at https://www.ncsc.gov.uk/information/exercise-in-a-box
• Consider the DfE Risk Protection Arrangement (RPA) for schools at https://www.gov.uk/guidance/the-risk-protection-arrangement-rpa-for-schools as an alternative to commercial insurance; it includes cyber cover and may save time and money.
During or after an attack
If you are attacked, take the following steps immediately:
• If you have been asked for a ransom, or are a victim of cybercrime, contact Action Fraud at https://www.actionfraud.police.uk/, the UK’s national reporting centre for fraud and cybercrime and a central point of contact for information about fraud and financially motivated internet crime.
• Disconnect infected computers, laptops or tablets from all network connections.
• Consider whether you need to disconnect networking equipment, or the school’s internet connection.
• Review cybersecurity insurance policies to see how they can support you.
• Wipe infected devices and reinstall their operating system and applications.
• Install, update, and run antivirus software.
• Check backups are not infected, and then restore them.
• Reset credentials, including passwords and Multi-Factor Authentication (MFA) registrations.
• Reconnect to the network and monitor systems.
• Review your Incident Response Plan to ensure lessons are learnt.
• Assume that at some point you will be affected again, and plan accordingly.
• Inform the Information Commissioner’s Office at https://ico.org.uk/ if you are subject to a personal information data breach.
For further top tips on cybersecurity for schools visit:
https://security.lgfl.net
October 2022