Cyber crime

Overview

Cyber security helps protect the devices and online services we use from:

• unauthorised access
• theft
• damage

In an education setting, this means keeping learners, staff and school systems safe from cyber threats.

While cyber security can seem technical, there are simple steps everyone can take to reduce risk.

Key to staying safe online is understanding:

• how cyber criminals operate
• how technologies like generative artificial intelligence (gen AI) can be misused

For example, gen AI can be used to create convincing scams, deepfakes or automated attacks.

The following video is a real-life story of how cyber crime can have a devastating effect on a small business. It shows that cyber criminals are very sophisticated in what they do and don’t respect any boundaries.

Types of cyber threats

Cyber threats come in many forms. Knowing what they are helps us spot and respond to them effectively.

Phishing

Phishing is when attackers pose as trusted sources to trick people into:

• revealing sensitive information
• clicking harmful links

It can happen via:

• email phishing (fake emails that look real)
• smishing (phishing via text message)
• vishing (phishing via phone call)
• spear phishing (targeted attacks on individuals or organisations)
• quishing (phishing using QR codes)

Spotting phishing attempts

Attackers can use AI to create fake but highly realistic:

• emails
• messages
• voice calls

You should always:

• check the sender’s email address carefully
• look for generic greetings, such as ‘Dear customer’
• watch for spelling or grammar mistakes
• be cautious of urgent requests or suspicious attachments

If in doubt, don’t click. Visit the organisation’s official website directly to ascertain authenticity of the communication.

Report phishing

You can report phishing attempts to the National Cyber Security Centre.

Ransomware

Ransomware is malicious software that locks your files or systems until a ransom is paid. It often spreads through phishing emails or unsafe downloads. Schools are particularly vulnerable due to the sensitive data they hold. AI tools can help cyber criminals find vulnerabilities or automate attacks at scale.

The following video further explains what ransomware is and how we can protect ourselves.

Distributed denial of service (DDoS) attacks

DDoS attacks flood a network with traffic, making systems slow or inaccessible. These attacks can disrupt school operations and online learning platforms.

Man-in-the-middle attacks

These occur when attackers intercept communications between 2 parties, often on public Wi-Fi. This allows them to steal data or credentials.

Protecting accounts and data

Taking proactive steps helps reduce the risk of cyber incidents. The following video explains what social engineering is and how we can protect ourselves.

Password management

• Use long, complex passwords.
• Avoid reusing passwords across accounts.
• Consider using a password manager.

Multi-factor authentication (MFA)

MFA adds an extra layer of protection by requiring a second form of verification (for example a code sent to your phone).

MFA is mandatory for all non-learner Hwb accounts, such as staff and governor accounts. More information about this is available in the Hwb Support Centre.

Working in public spaces

Avoid accessing sensitive accounts on public Wi-Fi. Be aware of your surroundings to prevent ‘shoulder surfing’.

Data backups

Regularly back up important files to secure cloud storage or external drives. This helps recover data in case of an attack.

Device and software updates

Keep devices, apps, and antivirus software up to date. Updates often include security patches that protect against known threats.

Regular training and awareness

Cyber threats evolve. Ongoing training helps staff and learners stay informed and vigilant.

Cyber incident response

Even with strong defences, incidents can happen. Being prepared is key.

Schools are encouraged to:

• create a Cyber response plan using the template available on Hwb
• regularly review and update plans to reflect changes in systems or staffing
• access training from Regional Organised Crime Units (ROCUs) and Tarian

Support for young people

Support for schools

Support for families

Views from the experts

Help and support