UK schools can now benefit from free email and web security provided by the country’s formidable spy agency GCHQ.
GCHQ entity, the National Cyber Security Centre (NCSC), said it had expanded eligibility for its Mail Check and Web Check services, after previously offering them to further education colleges and universities.
Web Check scans websites for common vulnerabilities and alerts participating organizations about any issues, including how to fix the problems identified.
Mail Check is designed to help organizations improve anti-spoofing to stop fraudsters from sending emails in their name and prevent data from being altered or read in transit.
“Put simply, Mail Check makes it harder for attackers to spoof you by helping you to set up and maintain good Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) configurations,” explained NCSC schools engagement lead, Kerr M.
“Mail Check requires a little more input and an ongoing commitment from school admin (or suppliers) to set up. Thereafter, Mail Check will generate email notifications to alert you if there have been changes in your email security.”
The two services are part of the NCSC’s lauded Active Cyber Defence program, a leading government effort designed to make the UK one of the safest places in the world to operate online.
They have already been hugely successful in the higher and further education space, according to NCSC.
A recent Web Check scan of 10,800 college and university domains showed the service had alerted users to over 2,700 urgent findings, with 92% of these subsequently remediated.
In addition, one university was able to spot 36,642 malicious emails being sent from its domain within just two weeks. After implementing DMARC in concert with Mail Check, the uni was able to reduce this figure by 99%.
UK schools became an increasingly popular target for cyber-criminals over the pandemic, as they were forced to expand their digital infrastructure. Two in the south of England were forced to temporarily close last year after ransomware actors encrypted and stole sensitive data.