Child using computer

Is your EdTech business prepared for a ransomware attack?

Last month, EdTech company Finalsite became the latest victim of a ransomware attack, which shut down 5,000 school sites, affecting online learning for thousands of children.


The Finalsite hack is just one of a growing number of cyber attacks disrupting the education sector. Over the past year, we’ve seen small and large educational organisations hitting the headlines after falling foul to a ransomware attack – from a chain of schools in South East London to the University of Lancashire in Preston. And for every headline, there are many more attacks that go unreported.


Cyber attacks are a serious threat for the entire education industry, and even companies with robust cybersecurity measures can be vulnerable to problems. However, this is also an opportunity for you to take action and have a plan should the worst happen. It’s important that your customers and prospects are fully informed of the steps needed to mitigate against a cyber attack.

Need advice on how to prepare for a cyber attack?

At The Wisdom Partnership, we’ve helped both schools and EdTech businesses take stock and introduce protective measures against cyber attacks. We recommend you put the six steps below in place as a starting point, but we’re always on hand to give tailored expertise for your company. Get in touch.

What is a ransomware attack?

According to the FBI, ransomware is the fastest growing form of cyber attack, particularly as education becomes increasingly remote. In response to this, the National Cyber Security Centre (NCSC) has continued to beef up guidance and provide a free Early Warning service, designed to inform your organisation of potential cyber attacks on your network.

The NCSC states ransomware is a type of malware that prevents you from accessing the data on your computer systems. The data is usually encrypted, but it can also be completely erased. Usually, the criminals behind the attack will send a ransom note demanding payment for the data, but some may also threaten to leak sensitive data online.

A ransomware attack can have serious financial and reputational repercussions for your organisation

You might have some popular misconceptions that cyber crime only affects large organisations handling money, that it isn’t likely to affect an educational institution, or that it’s something for your IT department to worry about. This is not the case, with schools and EdTech businesses increasingly targets of an attack, you have no choice but to take action.

The fallout from a cyber attack is likely to have serious financial and reputational repercussions for your organisation. Often, the ransom payment can be less than the cost of damages, which is why some organisations end up paying criminals. To avoid this, we encourage all educational leaders to not only understand the risks of a ransomware attack, but to take precautions.

We’ve seen the education sector impacted in the following ways:

  • Leaked personal data: Criminals threaten to share personal information online, including details such as the addresses, emails and phone numbers of students and parents. These can include more sensitive information, such as safeguarding records, social care indicators, staff pay and bank details.

  • Leaked passwords: Cashless payment platforms and school online banking details can be compromised.

  • Disruption to student learning: Blocks to remote access, email services, learning resources and inactive whiteboards can result in hours and days of lost teaching.

  • Encrypted coursework: Students can lose hours of work towards their qualifications.

  • Misinformation: In more targeted attacks, criminals use personal information to contact students and parents with misinformation.

Six defences against a cybersecurity threat

Cyber attacks are becoming more widespread with the rise of Ransomware as a Service (RaaS). This is a subscription-based model that enables criminals to use ransomware tools to deploy attacks, paying a cut to software creators.

Whilst schools and universities will benefit from using the steps below as a starting point to mitigate against a cyber attack, we also recommend that EdTech organisations also have robust measures to protect customer information and systems.

  1. Work with knowledgeable service providers who specialise in education
    Education is markedly different from other sectors and requires a tailored IT strategy.. It’s important to work with credible service providers who not only understand your requirements for systems, but the necessary security to protect your organisation. At The Wisdom Partnership, we can direct you to trustworthy and reliable cloud service providers.

  2. Make regular backups
    Up-to-date backups are the best way to recover from a ransomware attack. Making regular offline backups of important files, knowing how to restore them, and testing regularly are critical.

  3. Prepare for an attack
    If you’re hit by a ransomware attack you can be left without important data and systems until the issue is resolved, so preparing for an attack is vital. You should identify critical assets, develop an internal and external communications strategy so people are aware of what to do, know your position on responding to a ransom demand, and identify your legal obligations regarding reporting any incidents to regulators.

  4. Train your staff in securing blended and remote learning
    Cyberattacks commonly happen by exploiting weaknesses in people. As the cybersecurity landscape continually changes, make sure your staff know how to deliver a safe and high-quality learning experience remotely and know how to identify threats.

  5. Reduce DIY and in-house IT
    You can prevent malware from being delivered and spreading to devices by filtering, blocking websites that are malicious, inspecting content and using signatures to block known malicious code. However, with cybersecurity evolving rapidly, it can be hard for in-house IT support in small organisations to keep up. We can help you find the right systems to keep your organisation safe.

  6. Have good IT governance processes
    Detecting suspicious activity is key to preventing a cyber attack. 

The steps above are taken from NCSC guidance on mitigating malware and ransomware attacks. You can read more, including what to do if your organisation has been compromised, on the NCSC website – 

Need help preparing for a cyber threat?

If you need help setting up a robust defence against a cyber attack we can help. Whether you’re an educational institution or EdTech company we can support you to take action.


Recent Posts

TWP at BETT 2024

Andrew, Stuart and Steve spent three very busy days at BETT which took place between 24th and 26th January at the ExCeL London.
Overall, with both The Wisdom Partnership and WhichMIS?, we had over 30 different meetings booked and, unusually, almost all happened at roughly the right time and on the right day – this must be a first for BETT!