Data and Cybersecurity

Data Security is critical for all schools. There have been some recent major ransomware attacks which have caused a lot of problems for computer users. When a computer becomes infected with ransomware it encrypts (or locks) the files so that they can’t be accessed. It will also try to encrypt any linked drives or folders that the infected computer has access to. Ransomware attacks generally demand a ransom before files can be restored. We recommend NOT paying any ransom, as this encourages more ransomware, and there’s no guarantee that the files will be unlocked. A computer can become infected if the user opens a corrupted email or if they visit a website or link that has been compromised. Ransomware can cause a huge amount of disruption.

Here are some key preventative steps to take to reduce the risk of being affected (this also applies to laptops and home PCs):

• Avoid dubious websites and downloads. Refrain from opening attachments that look suspicious. Think twice before clicking links.
• Beware of any suspicious looking emails. You should never open any email with an attachment if it’s from an unknown source and even if it’s from a known source you should still be cautious, especially if it’s unexpected or unsolicited. You should also avoid clicking on any embedded HTML links in an email.
• Some devices are more at risk to viruses than others. Chromebooks and Apple devices such as iPads and Macbooks are considered at low risk of being infected by viruses, and as such don’t require anti-virus software to be installed on them. Also Microsoft’s Windows 10 and 11 operating systems (OS) have integrated anti-virus software as part of the operating system, (unlike older OS versions such as Windows 7), so there’s a lower risk of a device being infected.
• Installing the latest software updates as they are made available from software providers.
• Backing up important files, You have a good backup in place that is safe and secure.
• In the event a suspicious process is spotted on your computer, instantly turn off the internet connection.
• Ensure your Wifi is secure.
• Switch off unused wireless connections, such as Bluetooth or infrared ports.

Advice on preventing ransomware from infecting your computers:

Here are some useful links to assist schools:

The National Cyber Security Centre: https://ncsc.gov.ie/guidance/

Quick Guide: Cyber Security for schools: https://ncsc.gov.ie/pdfs/NCSC_Quick_Guide_Schools.pdf

The National Cyber Security Centre has produced guidance to help organisations understand and protect against ransomware. https://twitter.com/Dept_ECC/status/1452958940141084679

Tips-advice-to-prevent-ransomware

Your school receives a call or an email, with a ‘seemingly helpful’ message that an external party is contacting you to fix an IT problem in your school or on your computer. They may say that they’re contacting you from a company that already provides services to your school, so the company name/email they provide may be familiar to you. Unless you can be sure that the email or phone call is genuine you may be a potential victim of an attempted scam. The motivation for scams is to gain access to your login information or bank details (pins, passwords etc.,) for illegal/fraud related financial gain.

The caller/email may say that in order to fix an IT problem, they need you to access a particular website. The website may look genuine and helpful, with familiar logos, so as to gain your confidence. They may ask you to click on a link on the website. Scam or ‘phishing’ emails usually contain a link to a malicious fake web page, which is used to capture your login details. Don’t click on any links or open attachments. Scammers may ask you to download a software update to your computer to ‘fix’ a problem. Once their software is activated on your computer, the main damage could already have been done.

If you suspect that you’ve been the victim of such a scam, take the following steps.

1. Turn off your computer immediately.

2. Disconnect the computer from the school network by plugging out its network cable.

3. Contact your Bank and Credit Card provider for your school accounts. Explain what has happened and follow their advice. Ask if you need to cancel or freeze your accounts/cards.

4. Contact your school IT support company and inform them that you may have been the victim of a scam. Explain what took place, and follow their advice.

5. If you have the phone or email details of the potential scammer, report these to the Gardai.

Other Important Points

1. Never reply to suspected spam/scam emails

2. Always use ‘strong’ passwords and never use the same password for multiple websites

3. Never disclose login details, passwords, PINs, bank or credit card details to other parties

4. Keep your computer’s operating system, email application and web browser up to date

Some relevant website links:

https://www.citizensinformation.ie/en/consumer/common_consumer_problems/scams_and_fraud.html

https://www.garda.ie/en/crime/fraud/

https://www.fraudsmart.ie/personal/fraud-scams/

https://www.fraudsmart.ie/personal/fraud-scams/email-fraud/phishing/