Republic in the Education Sector

Cultivating Cyber Secure Behaviour in Education

From widening access to information, to remote learning and accessibility, technology has had many positive influences on the education sector.

However, the emergence of new technology has inadvertently created novel ways for attackers to conduct their fraudulent activity, whether that be against schools, staff, or students. As a result, the weaponisation of technological changes has become a lucrative endeavour for cyber criminals, demonstrated by the fact that in the first half of 2023 alone, fraudsters stole over half a billion pounds (£580m; UK Finance, 2023). Of the attacks taking place, those against the education sector remain commonplace, as schools are perceived as soft targets, who possess large amounts of personal information with often minimal defence capabilities.

Cyber attacks often, if not always, involves an element of manipulation; convincing a person to do something against their best interest. As such, successful attacks not only have financial implications, but also often result in psychological harm, trauma, and aversions to technology, that have significant ongoing impacts on the personal life of victims (Button et al., 2014).

Mechanisms for Manipulation

The three most popular methods used by cyber-criminals in the education sector according to the National Cybersecurity Schools Audit (2022) are:

Phishing

Fraudulent emails from attackers used to deceive staff into revealing sensitive information or clicking a link.

Spoofing

Attackers impersonate someone else to gain a victim's confidence, access to a system, steal data, or spread malware.

Blackmail

Attackers target individuals and try to manipulate them often using personal information.

Attack In Action

Wooton Upper School serving over 850 students was hit by a ransomware attack July of 2022, in which cyber-criminals stole many personal details and demanded £500,000 for the release of the data. The attack likely originated from a previous data breach, in which either the school, or someone in their network was successfully exploited. This demonstrates the importance of positive security behaviours, in not only the protection of the immediate environment, but those around you.

Alongside being held to ransom, the attack led to operational disruption, affecting scheduling for the following academic year, and the production of grade sheets. Though the ransom was not paid, the attack likely negatively influenced reputation and confidence in the school, and may open up those whose data was stolen to future targeted attacks.

How Does Republic Help Prevent These Kinds of Attacks?

Republic assesses and intervenes on behaviours that increase the risk of a successful cyber attack, such as:
  • Responding to a suspicious (behavioural exploit)
  • phishing message or email, vishing call or smishing text.
  • Connecting freely with unvalidated connections.
  • Not challenging strangers or doing so unconstructively.
  • Failing to report when something is wrong.
  • Ignoring incident cues, like spotting red flags on websites.
  • Undertaking risky online behaviours (e.g., trolling).
  • Working in public.
  • Poor password hygiene (e.g., password sharing).
  • Poor staff well-being.

Start Protecting Your School Today

Please let us know what's on your mind. Have a question for us? Ask away.

Latest Post

recyber logo_female2
Products
  • Republic
  • Services
Contact Us
Newsletter
Get exclusive deals by signing up to our Newsletter.
Follow Us On LinkedIn
© Recyber Opco Ltd, 2025. Registered in England - Company number 15294137