Need Urgent Help?
Get in touch with our Emergency Support Team:

0113 887 3999

Cybersecurity attacks are constantly happening. Yet there’s been a recent, worrying rise in the number of cases being reported by multi-academy trusts (MATs) and schools across the UK. They’re usually carried out by organised groups, but they can also be actioned by individuals – sometimes even pupils themselves, who use the dark web to pay for attacks.

Cyber(security) incidents take many forms, from invoice replacement fraud to legitimate-looking phishing messages that convince you to enter your credentials so you can be impersonated and facilitate a compromise or attack at a later date. Attackers also use combinations of attacks to gain access to your systems. Some of the worst incidents are ransomware attacks, where the attackers encrypt your data and servers then hold them to ransom. (BBC Radio 4’s File on 4 has an excellent programme that discusses how a group of UK schools dealt with the aftermath of a cyber extortion attack by Russian hackers.)

Attacks on your school, like these, cause huge disruption to teaching and learning. Yet there are steps you can take today that’ll help you understand if your operating systems are fit for purpose to protect your school and prevent attackers from accessing your systems.

What’s happening?

MATs across the country are falling victim to similar attacks, which are typically automated and carried out at high volume. In fact, according to a 2023 survey, one in three schools said they’d been hit by fraudsters impersonating staff emails, with data leaks also on the rise.

In December 2022, Dixons Academies Trust – one of Bradford’s biggest school trusts – was hit by a cybersecurity attack that caused huge disruption, cutting off systems and limiting communication. MATs in Hertfordshire experienced a similar breach, and attackers at a Herefordshire trust even stole students’ personal information and released it on the dark web.

Why are MATs badly affected?

The risk of cybersecurity attacks increases as your MAT grows. This is because you’ll often find each school in the trust has separate and differently configured systems often managed by different staff to different degrees. There’s no common configuration, so it’s harder to secure your systems. Trying to secure them, and not getting the steps right, opens them up even further to possible attack vectors.

We believe attackers target MATs because an attack on one school puts the entire MAT at risk. In all likelihood many of the attacks will be indiscriminate anyway and the fact that a MAT or council or business is affected is not understood or intentional. Breaching email security is a common vector as this opens up social engineering opportunities as well as the ability to spread the infection around the organisation and to others interacting as attackers will typically gain access to inbound and outbound email flows. This compromises systems and accounts, and widens the responsibility of the trust as a whole.

What do you need to consider?

It’s important to identify where, and how, the attackers could be breaching your systems to understand how best to protect yourself. But it’s even more crucial to prevent the breach from happening in the first place, especially when most schools and trusts either don’t have a robust cybersecurity policy  or aren’t sure whether what they have is fit for purpose. Ask yourself:

  • if you know what your security posture is
  • what systems you have – how are they linked, and how are they secured?
  • who is responsible for setting up secure systems and making sure they’re performing properly
  • whether you are only using the free licensing SKUs for Microsoft and Google. Do you know if these have the security features you need to secure your data?
  • whether you are using multi-factor authentication, and if it is set up correctly.

If you can’t answer these questions yourself, you need to make sure those who set up and maintain your systems can – and that you trust that they’ve done everything right.

How can you stay safe?

The best way to prevent cybersecurity attacks is to make sure your systems are set up to properly and are able protect you from and alert you to breaches. For MATs we believe that a unified, standardised system is key. This has huge benefits, reducing complexities and differences across schools, reducing management overhead and making it easier to secure as a result.

Naturally, there will be some risks when putting a standardised system in place in your MAT. Here at Afinite, our IT consultancy team can work closely with you to make sure everything is set up securely.

We’ll tell you:

  • your areas of concern, such as unsupported and outdated software
  • if your networks are appropriately segmented and secured
  • if your remote access is appropriate and safe
  • if you’re using identity providers properly. For example, do you have separate catering systems, information management systems and email systems, and are they connected?
  • what your Microsoft 365 Secure Score is, and how you can increase it as well as what this means
  • whether your staff are using trusted devices, and if those devices are enrolled in the right management to ensure compliance with policies
  • if your staff are monitoring the security dashboard for alerts and incidents.

Understanding your situation helps us highlight where you need to change things, and gives you the strategic and operational guidance for making sure your systems are suitable for your school.

What happens now?

The easiest way for your MAT to work out its risks and how to overcome them is through our one-day, free of charge review consultation for schools and MATs in Yorkshire. We’ll discover what systems you have in place and evaluate whether they’re effective and right for you to prevent your MAT from cybersecurity attacks and keep your staff and students safe and secure.

Following the review, you’ll receive a report showing you what we’ve found out and the changes we suggest. Then, if you ask us to implement them for you, we’ll design a better way of working safely that meets your trust’s goals. We’ll execute that design and put the project in place in your MAT working with your ICT staff as appropriate, which will include awareness training for staff and checking they’re vigilant (with quick tests to show their awareness of phishing scams and emails). Finally, we’ll ensure everything is suitable so it runs effectively and efficiently.

Cybersecurity attacks on your MAT are hugely disruptive to teaching and learning. With Afinite, you’ll avoid breaches with correct system configuration, third-party expertise and the reassurance that your security systems are up to standard.

Book a review for your MAT or talk to us about how we can protect your school’s systems today.

You can arrange a meeting with one of our team here, just choose the time that best suits you below.


Book a Meeting

Share Via:

Related Blog Posts

18th April 2023

What is LastPass? LastPass is a Password Manager that, at least until recently was very popular for both individuals and organisations to store, share and manage passwords. You might have…

1st December 2021

Earlier this year, Microsoft began the journey of building the first employee experience platform (EXP) for the hybrid era with Microsoft Viva. Their vision was to foster a culture of human connection, purpose,…

Get In Touch

Whether you’re having a complete system overhaul or whether it’s
something specific you’re having a problem with.
We’re here to help.

Contact Us

Or Call Us On:

0113 887 3999