Cybersecurity Training For Teachers Is Key To Stopping Phishing In Schools

Schools have become a prime target for cybercriminals, with phishing now the biggest threat. In fact, 89% of UK primary and secondary schools experienced a phishing attack last year, the Department for Science, Innovation & Technology reveals. 40% of higher education institutions also reported serious repercussions after phishing attacks, such as, data breaches or financial loss. So, what makes schools such attractive phishing targets? The answer lies in the fact that they often store a lot of sensitive data, but lack the IT resources to properly protect it. The good news is teachers do have the power to fight back against phishing. If they work to improve their cybersecurity awareness and learn how to spot and report suspicious emails, teachers can protect student and faculty data and keep classrooms running smoothly.

Why cybercriminals focus on schools

Schools are vulnerable to hackers, mainly because phishing scams can easily fool staff into handing over access to the vast amount of personal data they keep. This data includes names, addresses, and national insurance numbers of students and faculty, which can then be used for identity theft and fraud. What’s worse, hackers can even use data stolen from young students to apply for loans or credit cards without anyone noticing until years later, potentially when the student becomes an adult and tries to open their own, real account. Schools’ financial records, including those of staff and families, are also highly sought after by hackers, usually for identity theft or extortion.

To make matters worse, many schools can’t afford to invest in cybersecurity. In fact, around 7% of UK schools don’t currently have a dedicated cybersecurity budget in place. For 37% of schools, other priorities take precedence, while 28% say cybersecurity is simply too expensive.

Multi-layered approach builds cyber resilience

Given these challenges, schools need an affordable, multi-layered approach to cybersecurity to stay safe against increasing phishing attacks. This ideally starts with software that continuously monitors school networks and systems for phishing-related threats, in addition to other cybersecurity concerns. Shockingly, educational institutions were on the receiving end of 21% of all cyberattacks last year, more than both the healthcare and technology sectors. That makes strong school security software all the more valuable to spot and prevent threats, and keep student and faculty data safe. If something looks fishy, cybersecurity experts step in to investigate and get rid of the threat.

Firewalls are also a must-have to block traffic that could potentially lead to a phishing situation. In fact, schools and colleges are actually required to have them as part of the Department of Education’s cybersecurity standards. Multi-factor authentication (MFA) is another key layer of protection. It makes it useless for hackers to steal passwords, because they still need to complete a second step (like a code sent to a phone or app) to get in. As a bonus, MFA also alleviates the stress of juggling multiple complex passwords, something known as “password fatigue” and commonly experienced by teachers. This makes life easier for them and also keeps school networks safe.

Cybersecurity training cuts phishing risk in schools

Although technological defences are important, teachers can also increase their digital awareness and play a direct part in preventing phishing attacks, particularly in areas where IT resources may be limited. In fact, 84% of organisations have already found that regular security training stops employees falling for phishing scams. To this end, the UK’s National CyberSecurity Center has just launched a free cybersecurity training course for teachers, which comes with a certificate upon completion. As part of the course, teachers learn common phishing techniques (such as, bad grammar and urgent requests). They’re also taught to adopt a “if in doubt, call it out” approach: basically, if you’re unsure about a link, ask for help. If anyone suspects they’ve been targeted, they should report it to their Head Teacher or IT team immediately, so they can quickly sort out any problems.

With phishing attacks on the rise, teachers must develop their cybersecurity skills and learn how to spot and report threats fast. A multi-layered approach that combines technology defences and staff training can do much to keep schools safe and secure.