In January this year, 16 Yorkshire schools made the national press – and not for the right reasons.
The Hope Sentamu Trust was the victim of a ransomware attack targeting its 15 academies across Hull, Scarborough, Selby and York. Hymers College, an independent school in Hull, was also targeted.
As a Director of a Yorkshire IT business, I thought it would make a good case study. So, this is all about what we can all learn from an attack like this.
About the attack
Now, the full details here were not made public. However, we can get a decent picture by reviewing the newspaper coverage. It seems that the network was compromised over the Christmas holidays, causing problems for staff when they returned. The attackers demanded £15 million to return full access to the network.
The Trust took some systems offline as a precaution. According to reports in the Sun, teachers couldn’t plan lessons online and had to revert to pen and paper. We don’t know the exact extent of the problems, but one source referred to it as a “nightmare”.
To the best of our knowledge, the Trust didn’t pay, and are now back online. So, what can we learn? Here’s my take.
Lesson 1: No one is immune from attack
This is the most important take-away. Films and TV depict cyber crime as genius hackers going after governments and huge corporations. Most of it isn’t like that. Regional schools and businesses are prime targets.
Lesson 2: Protect your network
We don’t know the origin of the attack here – only the target. That was the Trust’s network, which would have connected all its schools and their systems. That’s why a single attack could affect all of them. It would be the same story with a business with more than one premises.
This makes your network a major target, which you have to protect. A strong firewall is just the start, but I’d recommend professional consultation if you don’t have in-house network specialists. You really want your network mapped and monitored.
Lesson 3: Watch your passwords
Make sure you’re updating passwords regularly, and be careful where you save them. Ideally, you should use a password management system for this purpose. That will allow central management of all of them. Oh, and “password123” is not a good choice.
Lesson 4: Fill knowledge gaps
Here’s a potential vulnerability you need to bear in mind: your team. Again, we don’t know the origin of this particular attack. But when it isn’t direct hacking, phishing is an extremely common cause of ransomware attacks.
The key is to ensure that your team is trained in spotting these. And I mean your whole team, including directors. You could have the very best password management, anti-virus and firewalls. But all it takes is one email fooling one person, and you could open up your entire IT infrastructure.
Lesson 5: Plan for the worst
Have all this in place, and you’ll be much better protected from attacks. But unfortunately, it can still happen. This is why every organisation needs a disaster recovery plan.
From what I can glean from the press reports, the Hope Sentamu Trust did seem to have something in place. Their statements indicate that they took regular backups, so could restore systems back to normal once the attackers were out.
Conclusions
Even without all the details of this attack, we can still learn something. Our schools are pillars of the community, but the criminals don’t see it that way. Any organisation could be a target. We should all work to make sure we’re not an easy target. If you want an expert look at your business’s cybersecurity, get in touch.