Incidents of cyber fraud are on the rise and schools and colleges are not immune to this type of crime. Here ASCL Specialist Hayley Dunn highlights steps leaders and their staff can take to mitigate the risks.

Be Prepared

At the Staffordshire Online Fraud Conference in 2017 – a multi-agency event to raise fraud awareness in the business community – the underlying message was clear: when it comes to online fraud, it’s a case of when you will be targeted, not if you will be targeted. 

In March 2018, the Education and Skills Funding Agency (ESFA) updated its guidance on reducing the risk of financial irregularities for academies (see https://tinyurl.com/y9mdtd23). In the guidance, the ESFA states, “Fraud is deception carried out in order to gain an unfair advantage or to disadvantage another. It may involve the misuse of funds or other resources, or the supply of false information. Although there are low levels of fraud within the academies sector, trusts should be vigilant to the risks.” 

There are many types of fraud; some common examples of cyber fraud include: 

• online fraud malware and ransomware 
• social engineering – the use of deception to obtain confidential information, that is, vishing (telephone scams), phishing (email scams), smishing (mobile phone scams) and spoofing (use of technology to imitate genuine contact information, such as email addresses and telephone numbers) 
• scams such as sending an email that appears to be a genuine email from another staff member 
• invoice fraud, where fraudsters pose as a supplier and request that future payments are sent to a different bank account 
• cheque/card fraud, that is, counterfeit cheques, stealing unused cheque books and forging signatures, altering cheques (nationally, the statistics from ONS show a rise in plastic card fraud – see https://tinyurl.com/y96pk9k2) 

When, in the media, we hear about fraud in schools and colleges it tends to involve significant sums of money, with the amounts involved in the tens of thousands. The potential risks to our schools and colleges range from the high-value, one-off fraud to lower level but higher frequency fraudulent activity. The risks involved with high-profile, high-value, one-off fraud, can be mitigated with core protections and a culture of awareness throughout the organisation. With lower value and perhaps, higher frequency fraud that can develop over time, risks can be reduced by ensuring stringent payment and financial controls. 

Your employees are your greatest assets, but also one of your greatest risks. Sensitive data can unknowingly be exposed by employees loading their work emails on to their personal phone or tablet, with the password saved, but with little or no security. There is no accusation that the member of staff is intending to act fraudulently, but if the device is lost or stolen, then sensitive data and information is potentially at risk.

Reduce the risk

We can reduce risk through educating staff, improving risk-awareness and valuing the role of internal and external audit. It is important that processes are transparent in order to protect those using them, and to protect public funds. It is also extremely important that you have a clear and robust policy in place that every member of staff follows to protect against all types of fraudulent activity. 

Here are some tips to help you and your colleagues avoid being caught out by online fraud: 

• Use strong passwords and PIN numbers. Avoid using obvious passwords that feature your name or birthday and ensure you use a mix of letters, numbers and symbols. 
• Stop, think and listen to your instincts; if something doesn’t look or feel right, it probably isn’t. 
• Set up automatic software updates and use security software on all your IT and mobile equipment. 
• Use social media wisely, considering what you share; information you have posted online could be used to commit cyber fraud against you. 
• Provide school email accounts for your local governing body members and board directors to reduce the risk of using unsecure personal email accounts. 
• If you feel that something is suspicious, discuss it with someone you trust, and if you are a victim of crime, report it to the police and to your governors. The requirements set out in the Academies Financial Handbook state, “Academy trusts must notify the ESFA, as soon as possible, of any instances of fraud, theft and/ or irregularity exceeding £5,000 individually, or £5,000 cumulatively in any academy financial year.” 
• Help to educate others; it’s important that all staff and governors are aware of how to protect themselves and the school or college against fraud.

---

More guidance

ASCL preferred supplier IT Governance offers members a complete range of cyber security services including cyber security training and network security testing. ASCL members are entitled to a 10% discount on its full product range. For more details visit: www.itgovernance.co.uk/education

---

Hayley Dunn
ASCL Business Leadership Specialist
@ShropshireSBM

Designed with IMPACT

© 2024 Association of School and College Leaders | Valid XHTML | Contact us