Online alternative provision: Why consistency is key

In light of current world events, we need to be prepared for an increase in cyberattacks that could significantly broaden potential security risk for all organisations.

Recent alerts from the National Cyber Security Centre (NCSC) have highlighted an increase in ransomware attacks targeting the UK education sector, likely influenced by schools welcoming their students back after winter lockdowns. Ransomware infects computer systems and prevents access to the system or its data, often by encrypting files. Users then receive a message from the attacker demanding payment in cryptocurrency to restore access. More recently, many attackers have threatened to release sensitive data to the public unless payment is made.

Schools are most commonly targeted through phishing emails or illicit software and technologies that can gain access to a computer remotely. Unfortunately, the media has reported on several schools which have suffered ransomware attacks over past years. One such school is a federation at which many several students currently attend Academy21.

These attacks can have a serious impact on organisations due to the time and resources required to recover. If attackers do release sensitive data, organisations also risk a loss of reputation. Ransom demands can be very high, and even when paid, attackers don’t always release their hold on the system, which is why paying the ransom is not advised. Given these complications, prevention is always the best method of counteracting ransomware and other cyberattacks.


How are we reducing our risk at Academy21?

At Academy21, we pay very close attention to security. Currently, we are working to reduce our risk of ransomware attacks by employing a cybersecurity model called Defence in Depth. This model offers higher protection by using several layers of security rather than relying on just one system.

Our biggest risk of ransomware is from phishing emails. To help combat this, we have filters on our email system which catch any suspicious emails before they can make their way to users. We have seen an increase in the number of phishing emails caught by these filters recently, proving the efficacy of the security system. These filters are monitored frequently, and improvements are always made where possible. In the case that a phishing email does bypass our filters, our protocol is to carry out an investigation as soon as possible.

In addition, we primarily use cloud-based systems. These give us better access to more security features, which transfers and reduces our risk. Cloud systems also reduce our need to use remote-access technology, which is one of the main pathways attackers use to target organisations.

All our Academy21 systems also utilise Microsoft’s leading secure user authentication for access. Internally at Academy21, our computers are fitted with the latest antivirus and firewall technologies to prevent unauthorised remote access and scan files for malicious software.

Finally, we also utilise user awareness and training as a security measure—something which is often overlooked by organisations. Through announcements, guidance, and informational articles, we train our staff to detect and combat threats.


At Academy21, we continue to review our systems for improvements which help strengthen our security, and we always recommend our clients to do likewise.