Stone King issues cyber scam warning to Cambridge schools

Law firm Stone King is warning head teachers in Cambridge to be on their guard against online fraudsters who demand thousands of pounds to unlock school data they encrypt.

Add This Share Buttons

The firm’s education law team says it is aware of schools that are being targeted by cyber criminals in ransomware attacks.
 
Such scam emails (which sometimes arrive after the scammers have first phoned to get the head teacher’s email address) typically attach a document or link which, if opened or clicked on, will trigger a ransomware script and encrypt the school’s files (including potentially back-up files).  Fraudsters are then demanding up to £8,000 to unlock the data but the financial cost to schools can be much higher.
 
Lawyer Brian Miller, Head of Privacy & Information Law at Stone King (pictured), said: “Schools which fall foul of the scammers also face potential fines of up to £500,000 for serious breaches of the Data Protection Act if it can be shown they are in some way responsible for the breach.
 
“From May 2018, organisations face fines of up to €10m or 2 per cent of turnover, whichever is higher, for lesser breaches of the new General Data Protection Regulation. This penalty doubles for serious breaches.
 
“In addition, a serious data protection breach by a school leading to safeguarding failures may have a negative impact on its reputation. As well as the disruption caused by a loss of data, this could also lead to a reduction in the pupil roll and affect a school’s Ofsted rating.”
 
Mr Miller added that if cyber criminals access sensitive information about pupils, a serious safeguarding breach would be committed.
 
“For academy schools, the ultimate sanction could involve the Secretary of State for Education serving a termination warning notice, which has the effect of closing down the school, unless certain conditions are met,” he said.
 
Schools should ensure that their antivirus software is as effective as possible against ransomware and should back up their data regularly. Staff should also be trained to spot suspicious emails containing ransomware, as well as the school ensuring that its policy documents are up to date to flag these issues up.



*******
 
Media enquiries:
For further information please contact Léonie Spencer, Stone King LLP, at
Email: LCS@stoneking.co.uk
______________________________________
 



Looking for something specific?