Firewalls, data back-ups and training staff to verify email senders are some of the actions colleges should take to protect themselves against cyber attacks, according to new government guidance.

The Education and Skills Funding Agency has published the advice today after colleges fell victim to phishing scams earlier this year, where genuine-looking emails were sent by fraudsters to trick people into sending money or private information.

As well as the tips, the ESFA release warns providers that they “retain responsibility to be aware of the risk of fraud, theft and irregularity and address it by putting in place proportionate controls”.

Phishing scams and malvertising – when malicious code is downloaded onto a victim’s computer after they click on, or even just hover over, an advert online – are two traps the ESFA has warned providers of.

The release lists five strategic questions that education providers should use as a “starting point to consider cyber risk in their organisation”.

They include: Does the organisation have a clear and common understanding of the range of information assets it holds? Does the organisation have a clear understanding of cyber threats and their vulnerabilities? Is the organisation proactively managing cyber risks? Does the organisation have a balanced approach to managing cyber risk? Does the education provider have sound governance processes to ensure actions to mitigate threats are effective?

It goes on to list 10 “cyber security tests”, which are based on the National Cyber Security Centre’s ‘10 steps to cyber security’ guide.

As well as verifying email senders before sending payment or data, college staff should be trained to ensure they “understand the risks of using public Wi-Fi” and “understand the risks of not following payment checks and measures”, according to the ESFA.

One education provider that was a victim of a cyber attack earlier this year was Lakes College in Cumbria.

Fraudsters, perpetrating a phishing scam, hacked into the email account of principal Chris Nattress and sent a link to his contacts to “review and sign”.

When Nattress’s contacts replied to check if the email was genuine, the fraudster replied saying that it was.

They also changed the college’s phone number in the email signature by one digit, and made up a mobile number, so contacts could not check in that way.

The college’s digital team identified the issue before staff received any reports of a problem.

Education providers were first warned about phishing in an ESFA update in June, which said some had suffered “financial losses” after falling for this type of scheme, but it is unclear how many.

This is not the first time education providers have been targeted in such a manner: in 2014, emails purportedly from the Skills Funding Agency were sent to providers, asking them to send details that would allow the fraudster to take money from the provider’s bank account.
