New cyber security awareness training is being provided to teachers and other Department for Education staff.

With cyber threats on the rise globally, the department has established a partnership with global provider Fortinet to roll out free training for corporate and public school staff.

Teachers and other staff have had access to the training since term 3 this year, with more than 600 completing the modules in the first two months, and enrolments doubling each week since then. The department will look to explore offering it to students in 2025.

State governments and education sectors accounted for almost 20% of cyber incidents reported in 2022 to 2023 to the Australian Cyber Security Centre. A key contributor was human error or people falling for sophisticated scams.

Forms of cybercrime include phishing, such as fake emails or texts from a bank or supplier, and malware that inserts a file or code to infect or steal from a network.

The training modules include the use of real-world scenarios, such as phishing examples and ways to identify fraudulent emails, and education about the importance of multi-factor authentication which reduces the risk of identity and access fraud by up to 99%.

Case studies of cybercrime in the education sector:

• In 2022, eight public schools were targeted by a supplier’s compromised email account. The attacker requested a change in bank accounts for invoice payments. Three of the schools fell victim to the scam.
• In early 2024, several corporate staff received emails claiming to be from the department’s Chief Executive. This appeared to have been an attempt at either gift card purchase fraud or invoice payment fraud.
• Also in early 2024, many corporate and school staff received extortion emails claiming to have hacked their computers.