How To Protect Your School Against The Rise In Cyber Attacks
  • BenQ
  • 2024-07-10

52% of primary schools in the UK identified a cyber security breach or attack in 2023 and for secondary schools, that figure was even higher at 71%. In fact, all education institutions in the UK are more likely to have experienced a breach or attack in the last year than the average UK business.[1]

With the increase of technology in classrooms, schools are now more vulnerable to these threats than ever before. It’s therefore crucial that schools and teachers are not only aware of the risks, but have strong proactive and reactive measures in place too.

A study by the UK government has shown that, in the last 12 months, primary and secondary schools seem to have had less awareness of government guidance around cyber security. Tools such as the National Cyber Security Centre’s (NSC) 10 Steps to Cyber Security [2] and Board Toolkit [3], plus certification schemes like Cyber Essentials [4] have existed for a while, but with such low awareness the government have now taken more decisive action that puts more of the onus to provide cyber security protection on manufacturers rather than solely on schools. 

The Product Security and Technology Infrastructure (PSTI) Act

On the 29th April 2024, the UK government introduced the Product Security and Technology Infrastructure (PSTI) Act into law. [5] The introduction of this act means that all consumer connectible products must meet a certain level of security before they can be sold in the UK. 

As the name suggests, the first part of the bill focuses on product security and these new rules give the government the power to introduce specific minimum security requirements. 

Previously, just 1 in 5 manufacturers of consumer connectable products (an internet-connectable or network-connectable device such as smart speakers) had basic security embedded. In 2020, there were an estimated 12.9 million devices [6] like this worldwide and most of them lacked anything more than these basic features. This meant that millions of devices and customers were vulnerable to security breaches or attacks.

What does this mean for schools?

Schools may not have smart speakers in every classroom, but many have interactive whiteboards that have internet connectivity. This means that tens of thousands of classrooms around the UK are at risk from these vulnerabilities.

According to a recent government survey [7], phishing attacks are the most likely incident for schools to have experienced with 92% of secondary schools and 84% of primary schools reporting attacks in the last 12 months. This was closely followed by others impersonating the school through emails or online, and viruses, spyware or malware.

Nicola Pearce, Head of Education, BenQ, commented: “Schools are increasingly becoming targets of cyber incidents and threats, including phishing attacks, password breaches, and ransomware attacks. There were 347 recorded cyber-attacks in the education and childcare sector, in 2023, as a consequence of unauthorised access to school technology and systems, not only putting personal and private data at risk but also disrupting education

“When implementing technology into schools, staff and educators must carefully consider the potential risks and consequences of the technology, and whether the tool they have chosen is the most suitable option. They should also implement proactive measures and encourage a sense of cyber-awareness amongst students and staff to ensure a safe learning environment.”

How can you protect your school?

The introduction of the PSTI Act means that schools that have PSTI certified interactive displays will face fewer cyber security risks as manufacturers will have to implement many safety features as standard. However, cyber security needs to be a collective effort and there are still plenty of precautions and solutions that schools should be aware of to help strengthen their defenses even further.

Many cyber security incidents happen because an outside influence is trying to gain access to confidential information or your IT systems. By using measures such as a secure Account Management System (AMS) and Identity and Access Management (IAM) software, you can create and manage user accounts and permissions.

By giving each person their own personalised user profile, you can reduce the risk of unauthorised people accessing settings, user files, and folders. This also reduces the risk of confidential information such as emails or student data being exposed in the classroom as only resources relevant to each lesson will be displayed. On top of this, there’s the added benefit of allowing teachers to set up their workspace in the way that allows them to teach most effectively.

Measures for secure access

Protective measures around logging in should also be implemented such as MFA (multi-factor authentication), SSO (single sign on), and NFC card access. As teachers often log on to boards in front of a classroom full of children, it can be easy for students to see the credentials  being used to access systems. Granting access via an NFC card removes this risk and admin can revoke this which means that there’s less risk of someone else using it to gain access even if a card is stolen or lost. Other security methods like MFA and SSO provide additional levels of protection. With BenQ IAM software, it’s possible for IT professionals to integrate existing NFC systems such as door entry with BenQ AMS (Account Management System) for an all-in-one secure solution.

Of course, having these protections around logging in is a good start, but what happens when a logged in board is left unattended? It can be easy for teachers to get distracted at the end of the lesson or have to quickly visit another classroom mid-way through. In this case, enabling something like automatic inactivity tracking that logs users out after a certain period of time is an extra layer of security.

Supporting the IT team

Idle session log outs are just one of the features that IT teams can enable using BenQ cloud softwares, AMS and DMS . Interactive displays have been a gamechanger for teachers and students alike, but an increase in technology means an increase in workload for the IT team, so remote management is key.

BenQ cloud services allows IT members to remotely monitor and manage all of the boards across the school or, in the case of multi-academy trusts (MATs), across  multiple school infrastructures. This means that they can not only monitor things like power consumption of boards, but they can also push out firmware updates and security patches without having to travel to each board.

For an extra level of protection, security software can also be installed, and the network settings can be configured to make it more secure. EDLA certified interactive displays provide additional protection against common cyber security threats with the ability to limit access to the Google Play store inbuilt. [8] 

By choosing a board with both EDLA and PSTI certification, you'll be ensuring that your school is as protected as possible from these types of threats. You can learn more about BenQ’s cloud services and find out how to talk to an expert here.

References

1. "Cyber security breaches survey 2024: education institutions annex", Department for Science, Innovation & Technology, Home Office, UK Government, https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024-education-institutions-annex, last accessed 10th July 2024

2. "10 Steps to Cyber Security", National Cyber Security Centre, https://www.ncsc.gov.uk/collection/10-steps?trk=public_post_main-feed-card_reshare_feed-article-content,  last accessed 10th July 2024

3. "Cyber Security Toolkit For Boards", National Cyber Security Centre, https://www.ncsc.gov.uk/collection/board-toolkit,  last accessed 10th July 2024

4. "Cyber Essentials", National Cyber Security Centre, https://www.ncsc.gov.uk/cyberessentials/overview,  last accessed 10th July 2024

5. "The UK Product Security and Telecommunications Infrastructure (Product Security) regime", Department for Science, Innovation & Technology, Viscount Camrose, UK Government, https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime, last accessed 10th July 2024

6. "Product Security And Telecommunications Infrastructure 2022", UK Government, https://www.legislation.gov.uk/ukpga/2022/46/notes/division/3/index.htm#:~:text=Examples%20of%20these%20products%20include,billion%20consumer%20connectable%20products%20worldwide., last accessed 10th July 2024

7. "Cyber security breaches survey 2024: education institutions annex", Department for Science, Innovation & Technology, Home Office, UK Government, https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024-education-institutions-annex, last accessed 10th July 2024

8. What is Google EDLA? | BenQ Education EU