UHY Hacker Young | Chartered Accountants

Protecting your Academy from cyber crime

26 March 2019

Cyber crime is an increasing threat throughout the business world, so how protected are Academy trusts against this threat?

Cyber crimes come in many forms but the most common forms are:

  • Loss of data (financial or personal) from hacking
  • Loss of systems/data from ransomware
  • Fraud

The loss of funds through fraudulent activity is bad enough, but with the introduction of GDPR last year, the loss of any personal data through a cyber attack could leave an Academy trust in all sorts of bother with the Information Commissioner’s Office (ICO).

Cyber attacks on schools on the rise

Data from the ICO has recently shown that the number of cyber-attacks on schools rose 69% in 2018. So Academy trusts cannot assume that cyber crime will be isolated purely to commercial businesses. Even the NHS has become victim to cyber crime!

Fraud, theft and irregularity are a constant risk to public funds, and therefore school leaders need to make sure that they have robust procedures in place to protect their trusts from this threat. The use of robust firewalls, antivirus software, strong passwords and routine back-ups of data is a must. They also need to ensure that staff are trained to ensure they check emails are from genuine senders and understand the risks of using public WiFi and not following payment checks and measures.

Imagine the scenario where a member of the finance team receives an email from the Headteacher who needs £30,000 paid to an IT contractor to secure some new laptops at a ‘discounted rate’. Often this will come across as an urgent request with no time to follow the usual procedures. How robust are the trust’s procedures to stop and think whether this request is a genuine one?

Preventative training and procedures

This is becoming an increasingly more frequent form of cyber crime and is an easy one to stop if the right training and payment procedures are in place. Stop and think:

  • Hover over the email – is it the right address? Emails can be easily cloned.
  • If it is that urgent then why wouldn’t the Headteacher phone up? So give them a call to check.
  • Is the IT supplier on the approved list of suppliers? If they are, do the bank details match those already on the system?

It is worthwhile reviewing where potential systems weaknesses are that could leave the trust susceptible to attack, and our experts are happy to advise on the subject.

If you would like more information, or have any academy school-related questions, please contact me or your local UHY academy expert. Alternatively, to read more academy schools blogs please click here.