This blog has been updated for 2022. Click to read the new version

We have put together the top five cyber threats that schools in the UK face this year, so you can take the right steps to protect your data.

Our top five trends that schools need to prepare for:

1. Ransomware

The most common way for schools to be infected with ransomware is when someone opens an attachment in an email. The email may look legitimate, posing as something they might expect to receive, but actually, it is from an attacker and the attachment is an executable programme that delivers the ransomware onto their device, encrypting all their files and making them inaccessible without paying a ransom. From there it quickly spreads through the network. In 2017 there were 327 new ransomware families created by attackers, this was a 132% increase on the previous year. A serious example of this type of attack was when the NHS was hit by the WannaCry ransomware. This caused widespread disruption to vital systems including life-saving equipment.

In many schools we saw the same type of ransomware encrypt all their files, leaving some schools without their important pupil records and lesson plans for as long as five weeks or, in some cases, not at all.

2. Coinminer malware

Coinminer malware is similar to ransomware in that it infects a victim’s device—a type of malware on the rise. Coinminer uses any spare computer power the school may have to generate money for the attacker in the form of cryptocurrency such as bitcoin. Thus, exhausting IT infrastructure and shortening the lifespan of equipment. This has now become a lucrative business with many organisations and even countries dedicating hundreds of computers to mining for cryptocurrency.

Unlike ransomware, this type of malware aims to stay silent and undetected, making it a lot harder to detect when a device might be infected. As with protection against ransomware, an advanced anti-virus and anti-malware solution is the best defence to this kind of attack but once again the infection is likely to come from a malicious email and so scanning emails for malicious payloads is best practice.

3. Business email compromise

This is a targeted attack where an attacker learns pertinent information about a school and uses it to trick staff into paying money or revealing other private details that can lead to further attacks. They may claim, for example, to be from a supplier that needs payment to a different bank account from normal and offer a plausible reason. They often target a newer member of staff, who may not have the wherewithal to spot the phony email address or signs of a scam.

These emails contain no links or attachments and can be very difficult to spot for more traditional anti-virus solutions. Sadly money has been stolen from schools and the resulting police inquiry has brought them unwelcome press attention.

4. Internet of things

It is easy to forget how many objects are connected to the internet or a network of devices and therefore potentially vulnerable to attack. Objects like CCTV, cashless catering, kiosks for visitors signing in, etc. all need to be secured. If not, you risk giving attackers control of these devices as well as providing a possible entry point to access your network. The outcome of which puts personal information, grades, exam information, into the palm of the hacker’s hand. It’s therefore important to secure any internet-facing devices.

5. Internal data breaches

Most data breaches in education are caused by human error. For example, accidentally sending an email with sensitive data to the wrong people, losing a USB stick containing sensitive data, sharing sensitive material on social media or unmanaged online file storage. These errors are often caused by people making mistakes because they haven’t had the right training or are so busy they fail to check things properly. This can result in compromised sensitive information on staff and students. Certain data breaches must be reported to the ICO. and can lead to fines and loss of reputation. For example, the University of Greenwich was recently fined £130,000 by the ICO for a data breach.

What can you do to protect your data?

While no industry, including education, is ever permanently safe from cyber attacks, there are ways to give your school the best chance of avoiding the threats described above. The safeguarding experts at RM Education have come up with a list of best practices to help you out.


Knowing what is connected to the internet and making sure you change your default passwords on such equipment will make them less vulnerable to attack. RM Education offers a vulnerability scan that will give you an assessment of your internet facing infrastructure and give you clear guidance if there are areas of weakness. You must also ensure that you have an asset register of all your devices to ensure that they are effectively managed, patched and secured.


Ensure that across your network and devices, you are running up-to-date anti-virus and anti-malware software. Ideally, you should deploy software that uses machine learning to determine when something looks suspicious, without relying solely on file signatures or databases of malicious web links. Schools often use multiple versions of anti-virus and anti-malware software (some of which is out of date) which may create conflicts or reduced protection. We can provide a next-generation anti-virus solution such as Trend Micro’s Worry-Free Services Advanced that uses technology to open files and links to websites in a protected area and see if anything malicious happens – it will quarantine files or block websites if it believes that the file is acting suspiciously.

To protect against credential theft, you should consider using multi-factor authentication, such as the system used in RM Unify. This is easy to implement and requires an additional method of authentication when you log in to your email or cloud services, this can be through a phone call, text message or even a simple app on your mobile phone.

A good patching routine will also reduce the likelihood of malware from being successfully installed but if ransomware does find some way of infecting your data then a good backup system is vital in recovering from such an attack.


Train your staff! Maintaining well-trained staff is your number-one defence against cyber crime. A vigilant member of staff can alert you early enough for you to reduce damage and prevent further attack. You may also want to consider using an internet provider that monitors network traffic going to and from the school, detecting and preventing intrusions in real time.


Think about what you can do to prevent internal data breaches. For example, turn off auto-complete on emails, restrict the use of USB memory sticks, provide reminders of threats to staff, to ensure that protection from cyber threats is top of mind in your school.


Plan for a breach – have a process in place so that everyone understands what they need to do should they suffer from a cyber attack and ensure the school has a daily backup routine, ideally with data backed up in the cloud. Data stored securely in the cloud will be retrievable from any location and can help a school restore what they have lost from their on-site attack.

Security you can trust

RM Education is an expert in the field of education technology. We have been providing technology for schools for over forty years and are committed to providing best-in-class safeguarding solutions that stay ahead of the curve. We offer specialist tools and services to help you complete the above best practices and ensure you have the safest IT network and digital learning environment. We have a range of easy to implement checks and audits to identify any potential areas of concern or reassure you that your school is well protected. Contact us today to find out how we can ensure your school is resilient against all manner of cyber threats for this new term.

Categories: Safety and security

Share this post
back to top button
back to top button