Schools ICT services - Free advice from our ICT department
Over the past few months, there has been an increase in cyber-attacks on schools. These cyber-attacks are having some devastating consequences such as servers going offline, students having no access to vital resources, and schools having to close. So, we have decided to help schools with our ICT services.
It’s already been a tough year for everyone within the education sector. During the recent pandemic, students and teachers had to become accustomed to remote learning. We can’t imagine how difficult this was for both students and teachers.
However, at CapNet we have seen the struggle through watching our children join Zoom or Team Meetings each morning, as well as having to teach them lessons such as maths, science, or art. These are all subjects our parents did not prepare for.
This has made us even more determined to reach out to the education sector to offer our schools ICT services. We know that a school budget is extremely important. Especially as schools need it for vital equipment such as laptops, notebooks, stationery, and learning aids. This is why we are offering our services at a discounted rate that will beat any of our competitors.
Not only are we offering discounted services, but we also thought it would be useful to offer a range of free IT Support tips and tricks. By following these tips, you can reduce the chance of a successful cyber-attack which can help save a lot of money in the long run.
1. Report suspicious calls, texts, or emails to the school ICT department:
Phishing scams have been increasingly common over the last few months. It’s likely everyone has been the target of these attacks or at least knows someone who has.
Many of you will have heard of the scam text involving Royal Mail. The cybercriminals behind this scam sent out text messages to random groups claiming to be Royal Mail. The text stated 'Royal Mail: Your package Has A £2.99 shipping Fee, to pay this now please visit... Your package will be returned if the fee is unpaid.' The text message also contained a link that victims had to click on to make the payment. If someone clicked the link, it directed them to a website that was identical to Royal Mail. However, by typing in their card details, they were sending it straight over to the cyber criminals.
There have been many more scams like this over the past few months including calls from cybercriminals pretending to be from your bank. The calls are believable because cybercriminals will have done plenty of research beforehand and therefore, they will address you by your full name. Also, these criminals will come across as caring and helpful because they use polite mannerisms, tricking their victims with emotive language.
They might convince you that they've noticed suspicious activity on your account. They will then ask you to confirm if you made a large purchase on a certain date (knowing that you haven’t). This will cause panic. They may ask for more details and then send you a number over text. They might even ask you to call the number on the back of your card to make it seem realistic. Once you hang up, they will keep the line open without you knowing. When you dial the number, it'll direct you straight back through to them, or an accomplice. They will then ask for sensitive information, knowing at this point, their victim has fallen for their scam.
Though phishing emails, calls, and texts aren’t as common as the increase in ransomware attacks on schools, we have seen a huge increase in people reporting them. There is a high chance this technique will be used more and more in schools.
If anyone asks for any personal information such as logins, passwords, bank details, home addresses, or anything that you wouldn’t want a stranger knowing about you, don't respond and hang up. Then report it immediately. Even if they are genuine, it's not worth the risk of handing data over to cyber criminals.
Handing over a single user’s login details will open the school up to a mass amount of personal data being stolen.
Not only should everyone in schools follow this advice, but we also advise everyone is cautious outside of school. If someone asks for personal details, don’t hand them over.
We also advise everyone to read about how to spot a fake email, call, or text for more useful tips on avoiding a phishing attack.
2. Don’t just ignore anything suspicious:
If you receive a call, text, or email that you suspect to be suspicious, rather than simply ignoring, deleting, or hanging up on them, you should report it.
Though it's amazing that you've suspected it as being suspicious, there's no guarantee that someone else will. The more everyone reports these emails, the sooner your IT department can investigate blocking these types of emails, texts, or calls.
For example, if one teacher was to suspect an email as being suspicious because of incorrect grammar, another teacher who has had a busy day might miss these grammatical errors and respond to it. However, reporting this to your IT department can allow them to investigate the email and warn other members of staff if it is a scam.
You can also report any suspicious activity to Action Fraud. By doing this, they can investigate and alert other schools of a possible threat.
3. Learn about ransomware in school ICT lessons:
Ransomware is the most common attack being reported in the news at the minute. Cybercriminals are using this technique to target schools around the world, as well as businesses.
The reason this technique is so effective is that once a cybercriminal(s) obtains important data, they can use this to demand ridiculous amounts of money from their victims, to have the encryption key back. The demand can range from thousands to millions. However, most victims will try to negotiate a smaller price than what the cybercriminal(s) are asking for.
If their victims refuse to pay the lump sum, a cybercriminal(s) can find other ways to make money by selling the information to third parties on the dark web. Many criminals will buy the likes of email addresses, home addresses and bank details.
Some cybercriminals will even go as far as to publish the entire database of information online for everyone to see. Though it won't make them money, it will get their victims into a lot of trouble if they leak personal data. They can also use this as a scare tactic for future victims as they will know they aren't bluffing.
To avoid a ransomware attack, you should never click on any suspicious files in an email or a web browser. This is one of the easiest ways ransomware can be unleashed on devices and web browsers.
If you’re downloading a file from an email, or you're downloading resources to help revise for lessons, you need to be sure it's genuine. It’s really simple for cybercriminals to create fake email accounts or websites. So be careful what you click on online.
4. Learn about other cyber-attacks with our school’s ICT services:
One of the easiest ways you can spot a potential cyber-attack is by reading up on them. When I first began learning about different cyber-attacks, I had no idea how to spot or define them. However, I began researching them in the news. I looked at how cybercriminals were accessing systems and devices, or how people were falling for different attacks. This has made me more aware of how to avoid a cyber-attack in my job and at home.
For example, if I notice a suspicious-looking email in my account, I won't just ignore it. I report it. If I notice one in my work email, I don’t respond, I inform my manager, and then report it.
It’s always a good idea to tell teachers and your ICT department when you think you’re receiving suspicious emails, texts, or calls. This way, they can see if there’s a weakness in their security and purchase the right ICT services to prevent a potential vulnerability. It also means they can help you report the attack, so you’re less likely to receive them again.
Reporting suspicious emails, texts, or calls can help a lot of people. If no one had reported the Royal Mail scam, it wouldn't have made it to the news, leaving more and more people susceptible to falling for it.
As part of our school’s ICT services, we’ve produced an article on the three most common cyber-attacks and an article on how to spot a phishing scam. Both these resources can help educate you on the most common attacks, and help you spot them.
5. Create a strong password in school ICT lessons and at home:
Everyone in school must be complying with a password policy. This goes for all teachers, staff, and students.
If a single user has created a generic, weak password there's a high risk that a cybercriminal will be able to get hold of it. Access to a single user can grant them access to a wide range of information.
They can also use this account to impersonate the user and send out emails to staff or students. If others believe the genuine user is emailing them, they will be more susceptible to handing over more information or access to more systems.
You might be wondering how to go about creating a strong password. This is why we've compiled some tips to make sure you're making your password as secure as possible.
Not only should everyone be following these steps on their school’s accounts, but it's also best practice to do this on home accounts as well.
This is a simple step that everyone can do to stay safe in school and at home.
6. Use two-factor in school and at home:
Two-factor authentication provides an additional level of security on your devices and accounts.
Once set up, if someone was to sign into your account using a different device, you'll receive a text to alert you of this activity. If this is not you attempting to sign in, you'll be prompted to change your password. This will also refuse access to the person attempting to access your account.
However, if it is you, you will be sent a code that you must enter after entering your password. This is a unique code that is only sent to the number you have provided. Entering this final bit of information will grant you access to the account.
What makes two-factor authentication so great? Not only does it provide you with an extra layer of security, but it's also free!
Two-factor authentication can be set up on all accounts. This includes work emails, social media, and even gaming consoles.
CapNet school’s ICT services only deal with work emails. Simply give us a call, and we can sort everything out within 5 minutes.
If you're looking to set up two-factor on your social media, you can watch this useful video.
7. Use a VPN in school and at home:
Finally, we advise you use a VPN when handling sensitive data online. For example, if members of staff are sending personal information, we suggest connecting to a VPN to prevent anyone from intercepting and reading this information.
Equally, if anyone is using public Wi-Fi such as in a coffee shop, bus, or restaurant, we would also urge you to use a VPN. This will encrypt the data and make it unreadable to anyone who is watching what you are doing.
If you're interested in any of our school’s ICT services or need any more advice, please give us a call today.