top of page

How can schools avoid being soft targets for cyber criminals?

If we asked you to picture a desirable target for cyber criminals, what would come to mind? Maybe a bank or financial institution; big tech companies like Apple or EE; Governmental departments; or maybe hugely profitable retail brands? Those are all, of course, correct answers. But what if we told you that schools are also in the firing line, would you be surprised?

Unfortunately, schools and higher education institutes are being targeted more and more by cyber criminals looking for an easy way to steal money and data. Whether it be down to tight budgets that don’t allow for secure firewalls, lack of education among teachers and staff or just plain bad luck, what needs to be addressed to make schools, universities and colleges more cyber resilient?

For this instalment in our Thought Leadership series, we hear from Paul Evans, co-founder and CEO of Redstor, on how schools can address - and recover from - cyber threats and attacks:

Cyber criminals are increasingly viewing education institutions as easy prey.

No surprise then that the UK’s National Cyber Security Centre (NCSC) recently warned of a spike in the targeting of schools, universities and colleges.

The Department for Education and the Government’s cyber security arm became so concerned in August that they alerted schools about the importance of putting adequate measures in place.

A Department for Education (DfE) circular warned schools that an increasing number of cyber attacks involving ransomware infection are affecting the education sector and advised an urgent review of existing defences to protect their networks from cyber attacks.

As CEO of Redstor, a company that protects more than 50% of schools in the UK, I know that this is a warning that no educational head can ignore. The financial implications and reputational risks are too great. There have been many cases recently where schools have been hit by ransomware that has encrypted entire IT estates, including on-premises backup systems, depriving staff and pupils of their data.

Unlike banks or big businesses, education establishments do not have large budgets to protect their networks and train their staff and often have holes in their cyber security. They, like many businesses, are often totally unaware that their backup data is vulnerable to ransomware too if it is not held separately from the network where live data sits.

There is also no shortage of staff and pupils who will inadvertently click on a malicious link or open a suspicious attachment, letting cyber criminals in and wrecking teaching plans as systems and computers stay down for days while a massive security clear-up takes place. A recent report by Specops, a password management software provider, found that clickjacking — tricking users into clicking on something other than what they think they are — is the most common form of hacking in education, at 66%.

Traditionally, ransomware is left buried like a landmine in an unsuspecting place – an email, a web page – in the hope a victim will trigger it. It’s potluck who activates it, but according to separate research by Specops, as many as seven in every 10 workers in the education and training sector claim they have not been trained sufficiently against cyber threats.

Cyber criminals demand money in exchange, not for how much data they have stolen, but for the victim to regain operational capability.Without the right protection, a school can take many days or weeks to get back to working normally again.

The proliferation of ransomware-as-a-service has contributed to the rise in recent attacks. Although generally lacking sophistication, the ransomware’s availability 'as-a-service' has led to an increase in activity by low-level cyber-criminals – with attacks typically aimed at smaller targets. Once cyber-criminals have got into a system, they are able to extort money through encryption.

The NCSC’s recent notification left schools in no doubt that they need to take cyber-security seriously and take immediate action to make sure their IT systems are adequately protected. Hackers appear to be taking advantage of system weaknesses such as unpatched software, antiquated systems or poor authentication and the NCSC reveals this has ‘had a significant impact on the affected education provider’s ability to operate effectively and deliver services’.

The rise in people using laptops remotely during the pandemic, often on unsecure networks, has caused major issues for IT departments worldwide. However, there is a far more sinister development that schools need to avoid at all cost. The coveted prize for any hacker that makes it into a school’s network will be to encrypt the backups. For this reason, onsite backup servers have become major targets for cyber criminals trying to ensure a ransom is paid.

If a backup is on the same network as live data and a ransomware infection takes hold, all data on

the network, including backups is susceptible. However, an offsite backup that has been encrypted at source is protected because it is held separately from the network where live data sits, meaning that ransomware cannot propagate to it.

The lesson for schools

The NCSC urges all education providers to review their existing defences immediately:

1) Ensure security patches are applied as soon as possible as this helps prevent hackers from exploiting known vulnerabilities to gain a foothold inside the network

2) Apply multi-factor authentication across the ecosystem to stop hackers moving across the network, gaining further control

A school also needs to know it can minimise the effects of a possible cyber attack or ransomware infection by recovering data quickly.

That means:

1) Backing up the right data

2) Holding backups separately from the network where live data sits

3) Testing frequently that all data can be recovered successfully

The ability to recover data quickly

If a school is infected by a ransomware attack then it is likely that all of its data, not just single files, will be corrupted.

Paying the ransom is fraught with risks. Even if the cyber criminals provide the encryption key, which they don’t always do, a school will typically have to call in a cyber incident response support company to help with decryption and ensure the ransomware is gone.

It will be imperative to recover all data in a timely manner both for operational reasons and from a compliance standpoint. Maintaining lessons would be so much harder for schools if malware deprived them of the computer-generated course materials that they are now so dependent on.

Having backups stored securely in geographically separate data centres ensures an airgap between live data and the backup, and encrypting data before it is sent to a data centre means a malicious file is unable to execute and cannot compromise the backup platform.

Many solutions tick the box of offline storage, but bandwidth limitations can mean they are extremely slow to recover or access vital data. One of the main reasons why so many schools and colleges in the education sector choose Redstor to protect their data is because of our unique technology InstantDataTM.

InstantDataTM enables IT teams to make backup data immediately accessible to all users while a full recovery completes in the background, a bit like how the streaming of Netflix works.

Staff and students can begin accessing and working with their data straight away, making downtime a thing of the past and leaving schools safe in the knowledge that they can recover and access their data in the event of a disaster.

Many organisations find testing their DR plans challenging due to the time it takes and the interruptions it often causes. With InstantDataTM, IT admins can instantly confirm their backup data is usable as well as test DR plans with ease.

Complying with GDPR

Recovering data can be a hugely time-consuming, if not impossible task, but that is not the only problem for a school that has been hit by a ransomware attack.

There is also the hurdle of avoiding financial penalties at the hands of the Information Commissioners Office for falling foul of the Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation (GDPR).

Article 32 of the GDPR clearly states that organisations must ‘restore the availability and access to personal data in a timely manner in the event of a physical or technical incident’.

The key words in this guidance are ‘timely manner’. Implementing a solution that would take days or weeks to recover data is not suitable.


Since 2005, Redstor (commonly referred to within the education sector as RBUSS) has been delivered by a network of specialist education partners (including 70 local authorities), to protect the data in more than 12,000 educational establishments nationwide.

Redstor was the first Capita-approved, fully automated, cloud backup and recovery service allowing schools and colleges to back up their data (including SIMS FMS and Discover) off-site, securely, over the internet and/or dedicated IP links to Redstor’s dual, highly secure, remote data centres.

With Redstor you can utilise Insight and industry-leading reporting to ensure all correct data is backed up. As a true cloud solution there is also no reliance on hardware and set-up can be done in as little as 15 minutes A free trial is quick to deploy and it is easy to scale up or down fast.

Not only does Redstor not require hardware on site, an archiving feature frees up primary storage space by offloading rarely accessed data to the cloud, avoiding further hardware investment. Archived data remains instantly accessible and this automated service is included in the Redstor price for data selected.

If a school opts to protect Microsoft 365 or G Suite data too, cloud and on-prem data can be viewed and managed in the same place, saving on time and operational overheads.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. To find out more, please click here.


bottom of page