Is your school website vulnerable to hackers?
You may have read in the press, that hackers claiming to support the Kurdish army’s fight against ISIS, have posted inappropriate messages on two West Midlands school websites. What is the world coming to? It highlights a real weakness that schools generally need to be aware of.
Cyber attack takes schools by surprise
It was to the greatest surprise of All Saints Primary School in West Bromwich and Perton Middle School in Wolverhampton, to find that their websites had been subjected to a serious cyber attack. It was a concerned parent reading through a routine blog that alerted All Saints to the inappropriate messages that had been posted. They were, of course, swiftly removed. But just how and why did this happen?
Whilst there was no suggestion of usernames, passwords or personal data being compromised, it is an area of extreme and growing concern for all UK schools, colleges and universities.
It would appear that hackers gained access to sites through an outdated version of WordPress - a popular and widely used CMS system.
Out of date software is a security threat
The potential security problem with school websites often lies with their use of out-of-date software. Unbeknown to many, this can pose a threat and it appears to be what has happened in this case.
Hackers will often prey on out-of-date software, given that it’s easier to penetrate. While they have typically targeted operating systems such as Windows, as security has improved, they have now moved onto other easier targets like Wordpress.
It’s vital that schools install the latest updates and perform routine maintenance
The more widely a website is used and promoted, the more vulnerable it can be. That’s why schools must not only work alongside digital experts to ensure their website looks great, but also provide a safe, secure and protected space for students, parents and pupils.
INCO – free DV SSL protection
INCO, a digital education specialist with over 18 years experience of working with schools across the UK, is well aware of the need for schools to adopt regular website management, maintenance and updates. Offering schools a complete website management service, with an option to take out a monthly website plan to spread the cost, the service includes routine maintenance, software updates, security and health checks, etc.
“In 2015, we had a school client that was subjected to a cyber attack. While it was unheard of at that time, the number of school websites being compromised today are becoming too frequent. Safety comes first with us, and by partnering Cloudfare, we now provide DDoS (Distributed Denial of Service) protection with our latest CMS systems. We will always recommend the most suitable CMS system for our clients, given each has their own individual requirements. We also have our own-brand INCO-CMS, which has enhanced security by default.”
INCO has recently decided to add free DV SSL protection to existing and new clients’ websites, with their latest CMS system. This can be added to a website in just a few hours, subject to content meeting SSL requirements. See notes below for full information.
So as cyber attacks on school websites start to hit the headlines, it’s fast becoming a more urgent issue for the education sector. INCO is the UK’s leading digital partner for schools. Call us on 03330 124 907 to find out how we can help you better manage, secure and develop your school website / web presence.
(1) SSL only applies to URL's starting with "www", the root domain without "www" is not encrypted. The unencrypted root domain will, however, re-direct to the encrypted "www" version.
(2) SSL is only provided as standard on our current CMS systems. For customers on older systems, SSL will be offered for free as part of an upgrade to the current CMS system.
(3) DV (domain validated) SSL is provided for no additional charge. Upgrades to OV and EV certificates are available.
(4) Embedded non-SSL content, e.g. iframes, will not work with SSL and will need to be relinked to SSL versions.
(5) Windows XP does not support Free SSL.