Protect your school from cyber-attacks and cyber security breaches
Cyber-attacks are becoming more frequent and can affect anyone, not just large organisations and businesses. The education sector is not immune to these cyber threats, and some New Zealand schools have already been severely impacted.
Successful cyber-attacks can result in the permanent loss or public exposure of important or sensitive information, as well as ongoing disruption to school business while recovering from the attack.
Here are some actions your school can take to strengthen your cyber security and reduce your risks:
- Backup important data from your school network regularly.
- Phishing and other email scams - ensure your staff and school community are aware and vigilant.
- Update your software and devices when patches become available.
- Install antivirus software on your devices.
- Only use a secure connection to access your school’s network remotely.
Backing up your school’s important data
Reliable backups are essential and increase the chances your school can recover from a cyber-attack. To ensure your school is backing up important data and settings, we recommend you discuss backups with your school’s tech lead, your board, and your school’s ICT provider. You need to ensure that:
- Backups of important information, software, and configuration settings are performed monthly at the very least. (Plan to move to backing up important information daily.)
- Backups are retained for one month at the very least. (Plan to start retaining backups for at least three months.)
- Backups are stored separately, away from your school network. (These backups must be stored either offline, or online in the cloud in a non-erasable manner.)
- You have tested that you can restore from your backups.
Be aware of phishing email scams
You need to ensure your staff and school community are aware of, and vigilant about, email scams and phishing attacks. Phishing emails are a type of email scam where the sender tries to trick you into giving away information or installing computer viruses, or tries to access your systems to steal data or for financial gain. Scammers are becoming highly sophisticated and often send emails that pretend to be from a person or organisation you know. Successful phishing campaigns have resulted in schools being locked out of systems and unable to recover their own data. To start protecting your school from phishing email scams, we recommend you advise your school community to:
- Check the sender is actually who they say they are.
- Treat with suspicion any requests via email for passwords, user names, bank details, or urgent payments, and any links in emails asking you to update these details.
- If unsure, confirm the sender of the email by telephoning them.
- Always send emails to the school community from an email address that is associated with the school’s domain name.
- Do not send password information (e.g. for parent portals) via email.
- Report suspicious emails or security incidents to CERT NZ.
What else can your school do?
Cyber security is a challenge facing the entire education sector. In addition to implementing backups and making your school community aware of email scams, we recommend that you discuss the following with your school’s tech lead, your board and your ICT provider:
- Ensure the devices and software your school uses always have the latest updates.
- Install antivirus software on all your devices.
- Use a secure connection to access your school’s network or systems remotely. Either your school’s ICT provider or N4L can assist you with this.
- Follow the guidance that CERT NZ provides on keeping your school network safe.