By Fintan Costello
The ransomware attack on the health service in Ireland highlighted just how easy it is for cybercriminals to gain access to an organisation’s data, causing distress and leaving vulnerable people’s sensitive information in the wrong hands. But what can schools and colleges do to prevent this? Having spent the past 20 years securely setting up and managing the Office 365 platforms of hundreds of schools and colleges to prevent cyber-attacks, the same security weaknesses present themselves time and time again. In this blog, I outline the key security risks all schools and colleges should be aware of with the steps needed to prevent data and security breaches from taking place.
School Security Risk Number 1 – Not Configuring the School’s Communication and Collaboration Platform
Office 365 gives schools great features and functionality for communication, collaboration and teaching and learning but, like any cloud-based system, it needs to be securely configured to ensure that students and staff are working in a safe environment.
The main areas to focus on are email and collaboration solutions such as Microsoft Teams and Microsoft OneDrive. These are the services that are most at risk if not correctly configured and are constantly being updated with new features and functionality that many schools are not aware of.
One school in the southwest of Ireland contacted Wriggle Learning after students had shared a link to one of their class meetings on social media. Several external people then used the link to join the class meeting and caused disruption before the teacher was able to remove them.
We worked with the school to configure their meeting options and policies to ensure that all teachers had complete control over the people joining their online classes and to put procedures in place to prevent this from happening again. This emergency response was completed within the same school day and all staff and students were protected within hours of the original incident.
Unfortunately, these kinds of disruptions have been all too common in schools in recent months but luckily there are some simple steps schools can take to prevent this:
- Safely configuring Microsoft Teams meeting settings on all school accounts will ensure that these accounts remain safe
- Developing and communicating a school-wide policy on the use of these platforms ensures that all staff and students remain protected while communicating online
Wriggle’s cloud service team has put in place and managed the Microsoft Teams policies of hundreds of schools to ensure that only students can access their class meetings and that Microsoft Teams is a safe, secure, and reliable environment in which to communicate and collaborate with staff, parents and students.
Schedule a call with one of our experts to see how we can assist your school with securely setting up and managing your school’s Microsoft Teams and OneDrive accounts.
Security Risk Number 2 – Not Securing School Email Accounts
Phishing attacks are responsible for 93% of all cyber attacks. These attacks generally happen via email and can leave schools and colleges wide open to all of their credentials and personal data being stolen or leaked.
In another school that our team encountered, a student email account was phished and used to relay spam mail to hundreds of external contacts within the school community. This caused a chain reaction where the recipients responded to the spam mail, causing more and more accounts to be compromised and leaving the school significantly exposed. Wriggle Learning’s engineers traced the original attack back to its source, locked down all exposed accounts and retrieved the situation within a few hours of the original breach. Policies were then put in place to strengthen defences to phishing attacks in the school to ensure that a similar event would be prevented in the future.
In the case of this and other phishing attacks on schools, the key steps our engineering team took were to:
- Carry out an extensive audit of the school’s Office 365 services and configurations and any anti-spam software in place
- Strengthen and extend the school’s anti-malware and anti-spam protection to pre-empt and stop phishing attacks before they become a problem
Not all types of anti-spam software prevent phishing and other attacks on school accounts. If you’re not sure whether your school’s security software protects your school accounts sufficiently, talk to one of our experienced engineers today.
Key Security Risk Number 3 – Not Configuring the School’s Data Sharing Options
Schools have access to the personal data of every family and staff member within their school community, including financial, medical, or psychological information on many students. Not all staff need to have access to this information and yet many schools have no policy or settings put in place to separate school data and ensure that it cannot be shared by a third party.
To secure a school’s data-sharing options, the Wriggle engineering team takes steps to ensure that:
- Staff automatically have access only to the data that is necessary for them to know
- Files and personal or sensitive data stay safely within the school’s secured database and cannot be shared either deliberately or accidentally by any staff member.
This blog highlights just three of the most common security risks encountered in schools each year. For further information on how to ensure the correct settings are in place in your school or college to prevent data breaches or cyber-attacks, download our Top Security Tips for Schools.
Cyber attacks on all organisations have increased tenfold over the past year alone and it is vital that schools and colleges review their systems and policies to ensure that their data remains safe. Our engineers have created a school security survey to allow schools to assess which areas of school security they most need to focus on. Click here and take 1 minute to complete this short survey.