Data Security and Cyber Security are critical areas for all schools. Data and cybersecurity are concerned with managing school data to make sure it is secure, and to protect it from being deleted, lost or stolen.
From a school perspective data security aims to protect school systems, devices and the data stored on these systems from data loss, damage or theft.
Schools need to ensure that important school data is not lost, damaged, or compromised and that the systems or devices that the data is stored on are protected.
Cyberattacks are attempts carried out over the internet by third parties to steal or compromise systems or data.
Cybersecurity uses technologies, processes and controls to protect systems, networks, devices and data from cyber attacks. It aims to reduce the risk of cyber attacks and protect against data loss.
When a computer becomes infected with ransomware it encrypts (or locks) the files so that they can’t be accessed. Advice is provided below for schools on how to reduce the risk of data loss and cyber attack.
Important Information for schools
Cyber Security Advice for schools
Data Security is critical for all schools. There have been some recent major ransomware attacks which have caused a lot of problems for computer users. When a computer becomes infected with ransomware it encrypts (or locks) the files so that they can’t be accessed. It will also try to encrypt any linked drives or folders that the infected computer has access to. Ransomware attacks generally demand a ransom before files can be restored. We recommend NOT paying any ransom, as this encourages more ransomware, and there’s no guarantee that the files will be unlocked. A computer can become infected if the user opens a corrupted email or if they visit a website or link that has been compromised. Ransomware can cause a huge amount of disruption.
Here are some key preventative steps to take to reduce the risk of being affected (this applies to laptops and home PC’s too):
- Avoid dubious websites and downloads. Refrain from opening attachments that look suspicious. Think twice before clicking.
- Beware of any suspicious looking emails. You should never open any email with an attachment if it is from an unknown source and even if it is from a known source you should still be cautious, especially if it is unexpected or unsolicited. You should also avoid clicking on any embedded HTML links in an email and should be aware of the dangers posed by certain websites.
- Some devices are more at risk to viruses than others. Chromebooks and Apple devices such as iPads and Macbooks are considered at low risk of being infected by viruses, and as such don’t require Anti-Virus software to be installed on them. Also Microsoft’s latest ‘Windows 10’ Operating System (OS) has integrated Anti-virus software as part of the operating system, (unlike older OS versions such as Windows 7), there is a lower risk of a device being infected by a virus.
- Installing software updates as they are made available from software providers.
- Backing up important files, You have a good backup in place that is safe and secure.
- In the event a suspicious process is spotted on your computer, instantly turn off the Internet connection.
- Ensure your Wifi is secure.
- Switch off unused wireless connections, such as Bluetooth or infrared ports.
Advice on preventing ransomware from infecting your computers:
Here are some useful links to assist schools:
The National Cyber Security Centre: https://ncsc.gov.ie/guidance/
Quick Guide: Cyber Security for schools: https://ncsc.gov.ie/pdfs/NCSC_Quick_Guide_Schools.pdf
The National Cyber Security Centre has produced guidance to help organisations understand and protect against ransomware. https://twitter.com/Dept_ECC/status/1452958940141084679
Beware of Unsolicited or SCAM Emails or Calls
Your school receives a call or an email, with a ‘seemingly helpful’ message that an external party is contacting you to fix an IT problem in your school or on your computer. They may say that they’re contacting you from a company that already provides services to your school, so the company name/email they provide may be familiar to you. Unless you can be sure that the email or phone call is genuine you may be a potential victim of an attempted scam. The motivation for scams is to gain access to your login information or bank details (pins, passwords etc.,) for illegal/fraud related financial gain.
The caller/email may say that in order to fix an IT problem, they need you to access a particular website. The website may look genuine and helpful, with familiar logos, so as to gain your confidence. They may ask you to click on a link on the website. Scam or ‘phishing’ emails usually contain a link to a malicious fake web page, which is used to capture your login details. Don’t click on any links or open attachments. Scammers may ask you to download a software update to your computer to ‘fix’ a problem. Once their software is activated on your computer, the main damage could already have been done.
If you suspect that you’ve been the victim of such a scam, take the following steps.
1. Turn off your computer immediately.
2. Disconnect the computer from the school network by plugging out its network cable.
3. Contact your Bank and Credit Card provider for your school accounts. Explain what has happened and follow their advice. Ask if you need to cancel or freeze your accounts/cards.
4. Contact your school IT support company and inform them that you may have been the victim of a scam. Explain what took place, and follow their advice.
5. If you have the phone or email details of the potential scammer, report these to the Gardai.
Other Important Points
1. Never reply to suspected spam/scam emails
2. Always use ‘strong’ passwords and never use the same password for multiple websites
3. Never disclose login details, passwords, PINs, bank or credit card details to other parties
4. Keep your computer’s operating system, email application and web browser up to date
Some relevant website links: