Schools and academy trusts have been warned to be on high alert for cyber fraudsters following a series of costly incidents.
Education expert Michaela Johns, Director of Hampshire accountancy firm HWB, issued her advice after compiling a list of cases where schools were targeted.
These include ransomware, hacking, bank details changed and contracts for services, with losses running into thousands.
HWB specialises in working with academy schools to help them stay on top of increasingly complex financial regulations and holds regular seminars for academy trust governors.
Michaela, who works closely as an external auditor with academies and independent schools across Dorset, Hampshire and Wiltshire, told the latest academy information seminar: “Forewarned is forearmed and schools must remain extremely vigilant to combat these increasing cyberattacks.
“Highlighting some of the ones that are hardest to spot will hopefully draw attention to the devious methods criminals are now using to defraud our educational establishments.”
Ransomware – fraudsters demanded £4,000 to give back access to a school’s marketing material, website and photos library – which was not backed up on its computer system. The school had to choose between redoing it all again from scratch or paying the ransom to get the information released – it paid up. The school’s trustees’ main worry was that pictures of school pupils were included and the reputational damage should it be known that these had not been protected would be immense. The finance cost was galling but not their top worry.
Hacking – the school did not know one of its employees’ emails had been hacked and the hacker waited for an opportune moment to send an email from the ‘employee’ to finance telling them that they had changed their bank details. This was actioned without any checks and the employee’s next salary went to the hacker. It cost the school up to £3,000 – easy money if a number of schools had been targeted.
Bank details changed – similar to the above but less direct. A letter or an email comes in from a supplier, usually when major capital works are being carried out so that the figures will be big. This gets processed on the system with no external checks to the supplier. The next payment or two goes to the fraudster before the supplier starts chasing for late payment.
Contracts for services – this is likely to be insider fraud and occurs when there are budgeted regular payments for, say, boiler servicing or electrical testing. Fraudulent invoices purporting to be from the supplier and fake bank details are received by the school which would be unaware of any fraud. As well as the fraud itself, this leads to both health and safety and reputational risks as the necessary work is not being carried out. This one had been happening for three years and was only picked up with a change of personnel.
Michaela added: “Such is the scale of the problem that the Government’s Education and Skills Funding Agency (ESFA) now demands that all ransom demands are reported.
“Schools should make sure they have a plan in place in case the worst does happen – this includes reporting details to Action Fraud, the UK’s national reporting centre for fraud and cybercrime, the ESFA and the school’s own auditors.”
There are 24,413 schools in England and currently 1,170 multi academy trusts that manage at least two schools. Not all schools are part of an academy trust.
Chartered accountants HWB provides business and tax advice from its headquarters in Chandler’s Ford, near Southampton and offers a free resource to academies – a 10 point checklist guide to reducing fraud.
NOTES TO REPORTERS
Source for schools’ figures: https://www.besa.org.uk/supplier/the-education-company-ltd/
HWB Chartered Accountants
Highland House, Mayflower Close, Chandler’s Ford, Eastleigh,
Hampshire, SO53 4AR
Phone: 023 8046 1200
HWB Chartered Accountants was founded in 1985 as Hopper Williams & Bell and is based near Southampton. The firm provides accounting, tax and business advisory services to organisations across Hampshire, Wiltshire, Dorset & West Sussex and beyond.
As one of the leading firms of chartered accountants and business and tax advisers in the region, HWB offers the depth of resource and specialist skills of a national practice but remains dedicated to the personal approach.
Services include: accounting services, audit and assurance, auto enrolment, business strategy & planning, corporate finance, HMRC enquiry fee protection, human resources, international services, IT services and solutions, online accounting, payroll services, personal tax services, probate & estate administration, specialist tax and financial planning.
Specialisms include: education sector and academies, architects, charities, FCA accountants, healthcare, legal, logistics, property accountants, recruitment and travel.
HWB’s motto is Experience the difference.
The firm produces a series of guides and tax cards and has a resources centre on its website, as well as staging seminars and events on a regular basis. The HWBulletin is published bi-annually.
HWB is registered to carry on audit work in the UK and regulated for a range of investment business activities by the Institute of Chartered Accountants in England and Wales (ICAEW)
For media inquiries please contact Cliff Moore, Deep South Media Ltd, on 07469 158458 or Scott Sinclair on 07500 796666.