Research suggests that thousands of schools in the UK could be at risk from exploitation by hackers, potentially leading to damaging data loss and a loss of public trust.
A study by NGS Secure took place in a pair of schools, one dealing with secondary students and the other with younger primary pupils, in order to determine the levels of data protection and IT security in place at each establishment.
Three hundred and thirty eight individual machines were scanned for issues at the secondary school and in total more than 9000 problems were discovered. This included antivirus software either being absent or completely out of date, along with security vulnerabilities relating to unpatched software.
Malware and viruses could easily infect and exploit school computers such as these, according to the professionals who carried out the study.
Internal servers which hold details relating to pupils and teachers were also found to be exposed, potentially allowing third parties to steal vast amounts of valuable data with little to stop them doing so.
Poor password choices littered the systems, while users having access to separate administrator accounts and thus direct control over key system features, were also found to be prevalent.
Forty-four PCs within the primary school were examined, with just under 50 per cent of this number being plagued by gaping security holes. Significantly the type of software installed on these PCs was unsanctioned and inappropriate for school, including the likes of instant messaging services and even iTunes.
The implication of the presence of this software is that many pupils and perhaps teachers are installing them in order to play files brought on removable storage from their home PCs, which greatly increases the chances of spreading a virus to school systems.
NGC Secure’s Paul Vlissidis, said that these security issues found in two UK schools are representative of similar problems that can be discovered in many public sector organisations. In the worst cases the analysts found certain pieces of software were 15 years out of date with no patches or fixes applied.
