As IT professionals in the education arena, we’ve seen some things.
Things that would horrify you.
Things you would never want to encounter in your own establishment.
We’re talking security breaches, data theft and file corruption. That have brought entire schools to their knees.
This is something that you – as the Headteacher, IT or Office Manager – really don’t want to happen.
Because it only takes one click from a well-meaning member of your team on one bad link. And that could mean the difference between a thriving school or office, and disruption so severe, it makes teaching impossible.
You don’t need us to tell you that data loss can lead to a huge loss of confidence from your suppliers and staff.
And often the cost of rectifying a situation such as this can be phenomenal.
So, we at Cablers want to share the secret behind keeping your business data safe
Of course you should have an IT partner protecting you with a blended security package (blended means getting the right mix of security products that protect you and your staff, without inconveniencing you while you’re trying to work. It’s a balancing act).
But there’s something else, that in our view every business should invest in, every year.
Cyber security training
Though it may sound simple, you’d be surprised to learn how many schools and businesses underestimate the importance of campus or company-wide security awareness.
And yes, we really do mean company-wide.
Your whole school, academy, trust or business, from the new entry level person to the Headteacher or CEO, should take part in formal data security training, regularly.
A strong cyber security culture is one of the best ways to keep your school or business safe from the increasingly sophisticated threats out there.
Because hackers use automated tools to look for vulnerabilities in every establishment, all the time.
And yes this includes yours. Remember, it only takes one click from a well-meaning member of your team on one bad link. And that can unwittingly let hackers into your system.
“But my people are savvy professionals. They’re not going to fall for a scam”
We hear this often.
And yes, your people are savvy, but so are cyber criminals.
Cyber-crime is evolving. And there is always another scammer or hacker around the corner waiting to take advantage of a technology flaw or stressful situation (hello, global pandemic).
Your business or school can never be too prepared.
Take a look at phishing for example. You’ve heard of that, right?
But do you and your team actually know what it is?
Phishing is a common tool used to extract information such as login credentials or credit card details by email, telephone or even text message.
You may think that your team are above falling for an email from their ‘long lost uncle abroad’. But phishing scams have come a long way since those days.
Today, phishing emails are far more convincing. They often claim to come from someone credible, such as your bank, a client or supplier, or someone else you know.
They’ll ask you to click a link to update your details, or change a password. But instead of being taken to a legitimate website, you’ll be taken to a very convincing duplicate.
And once your details have been entered, you’ve given them away.
For more advise on how to spot a phishing email, and how to report them, visit this Government website: www.gov.uk/report-suspicious-emails-websites-phishing
Other times, you’re sent an attachment – again, seemingly from someone you know – which, when opened, will install malware on your device (or across your whole network)
This can then allow criminals to steal data, or deny you access to your own information (that’s called crypto locking).
The Government’s National Cyber Security Centre has a lot of information on how to deal with this type of cyber attack and what to look out for to make sure you are not caught out.
Then we have spear fishing. Instead of phishing, which is aimed at anyone, this is targeted at specific individuals.
Typically the attacker has spent time learning a lot of information about you (your name, role, company information, etc). And then uses this to their advantage.
If they target someone at the top, this is called whaling (also known as CEO fraud).
They’re targeting people at the top as they have access to the most sensitive data.
Whaling attacks are often planned for a long period of time. And when they work, give huge financial gain to the cyber criminals.
Then there’s pharming, which asks you to take an action on what looks like a familiar website.
Except if you look very carefully, the website address is slightly different to normal. It’s a scam site, and any information you enter will go to the criminals.
There is a scarier version of pharming where the criminals manage to divert traffic going to the real website. These are really hard to detect.
To ensure websites are secure and not as easily accessible to hackers, make sure they are certified by the small padlock symbol on the side of the URL bar. (To view the sites security credentials, click on the padlock symbol).
Often there are tiny little clues that give the fake sites away, if you know what to look for.
Spoofing is the term for when you receive an email pretending to be from someone you know – such as your accounts department. And it’s asking you to go to a link to reconfirm your details.
This type of scam is often used to download malware or ransomware rather than to steal your credentials.
Then we have smishing, which is phishing with text messages (SMS). And vishing, which is phishing on the phone, or voice phishing.
You receive a phone call from a blocked or unusual number. The caller will pretend to be from somewhere familiar and ask you to carry out actions, or make a payment.
These are pretty common. So if you or your team are ever unsure, make sure to hang up, then call the company back on the number you have for them (and never the number the caller gives you).
Can your school, academy or business really afford to underestimate the importance of good cyber security training?
As you can see, it really does take just one action to open up your school or business to this kind of threat.
This is not an exhaustive list. There are plenty of other ways that cyber criminals will attack your establishment.
You many think your people are pretty hot on cyber security. And hopefully you’ve got the latest security software protection across your whole network.
However, it’s always a great idea to add another level of human protection. Because schools and businesses like yours really are prime targets for cyber criminals.
If you’ve never implemented security training before, now is the perfect time to start creating new habits. After all, your team will have seen enough change this year to be open to just about anything!
Employee education is one of the best business tools you can invest in. And it could end up saving your organisation from disaster.
But the benefits of regular training don’t end there. It’s a great motivational tool, too. Your people will feel invested in when they have relevant training, increasing engagement all round.
Remember to make sure that everyone, from bottom to top, undertakes regular training. Because a cyber-criminal really isn’t fussy about who clicks that link… just as long as someone does.
If you don’t currently have an IT partner who can deliver appropriate data security training to your school, academy or business, contact Cablers today on 01787 221166.
Our team of experts would love to help keep you informed and protected.
About Us: Established in 1997 in Earls Colne, Essex, Cablers provides IT services to both the Education and Business market sectors in Essex, Suffolk, North & East London.
Murray Thorpe, Managing Director saw that many schools had legacy IT equipment that had been slowly going out of date, network security was patchy, and protocols were tired. Training school staff on usage of equipment was also under-utilised, so often investment had been made in equipment, but a lot of the staff didn’t know how to use them to their fullest potential.
Cablers was created to be a central solution for education and business. Our main ethos is to increase efficiency and minimise costs for our clients, by being a single port of call for support, software, hardware, cabling and training.