Schools escaped the global cyber-attack through ‘luck’, warns expert

Credit: This story was first seen on TES

Budget pressures are ‘likely’ to have left schools more vulnerable to a major cyber-attack, according to a senior figure representing school business managers, TES reports.

The warning from Stephen Morales, chief executive officer of the National Association of School Business Management, follows this week’s global cyber-attack, which brought chaos to parts of the NHS but left schools unscathed.

He said: “Across the country some schools are ready to defend themselves from future attacks, but it is a mixed picture.  Local authority maintained schools should be supported through LEA contracts, but many will have chosen to go their own way and the quality and robustness of IT support will vary enormously.

“School business professionals need to be prepared for cyber-attacks and to have clear checks and reviews, as well as processes in place if an attack happens. However, the pressure on school budgets means that it is likely there will be less, rather than more, capacity to ensure schools are prepared and protected from attack.”

Meanwhile, an IT expert has warned that schools have escaped the recent cyber-attack through pure “luck” and must ensure their software is up-to-date and that staff are sufficiently trained.

Toks Oladuti, who works in an independent girls’ schools trust in London, stressed the importance of schools taking precautions.

Mr Oladuti consulted and managed IT in the corporate world before going into education, and said it was “luck” that schools up and down the country had not been targeted this time round.

The director of information systems said: “There is no reason why in the future there wouldn’t be a targeted attack on a large number of schools. And the likelihood is that some will click on a [risky] link.”

In his schools, he said, there is up-to-date patching, anti-malware software and robust backups – but the latest scam only requires an end user to click on a link in a malicious email to fall victim.

You might also like...  New statistics show the complexity of Cambridge access efforts

Mr Oladuti said: “Good systems and staff training are both as important as each other. You can have all the systems in place but the gatekeeper is the end user. If people are busy then they have a tendency to click on something without thinking. I mitigate this as much as possible through regular training and reminders.”

According to Mr Oladuti, schools need to employ someone who can ensure the infrastructure is up-to-date, and must have a plan – and appropriately-skilled staff – in case an attack occurs.

Mr Oladuti added: “You are never ever going to be protected 100% – it’s about minimising the risk.”