Universities and colleges are not immune from deception by unscrupulous bad actors. The extent to which educational institutions can manage and control risk not only depends on financial management and internal controls, but also the robustness of security and processes which can be exploited from outside the organisation.
Universities and colleges are not immune from deception by unscrupulous bad actors. The extent to which educational institutions can manage and control risk not only depends on financial management and internal controls, but also the robustness of security and processes which can be exploited from outside the organisation.
Internal fraud can be demoralising. Staff exploiting weaknesses in internal processes to set up false suppliers, abuse the company credit card or claim additional expenses appear minor, but all amount to fraud and could have serious repercussions for the individuals concerned.
A recent decision in the Supreme Court in R v Andrews [2022] UKSC 24 has highlighted that anyone falsely claiming qualifications on their CV can be stripped of the profits of their deception. The Supreme Court permitted a Proceeds of Crime Act 2002 (POCA) confiscation order on the basis of the pre-appointment earnings. Ensuring that validation in recruitment processes is properly and diligently carried out would avoid the worst excesses of CV fraud, but would also deter appointments of people who may see education as a soft target.
But what of the external actors who target education and charities, who rely on volunteers, community support, co-operation and public goodwill to operate effectively and generate additional income? The sophistication and variety of modes of the attack has certainly evolved over the past two years, as has the frequency of experience and level of disruption caused.
The Department for Digital Culture Media and Sport has surveyed the education sector as part of its aim to inform government policy on cyber security in its annual Cyber Security Breaches Survey 2022 . The results show 92% of higher education institutions identified a breach, while the education sector as a whole, experienced some of the highest levels of the most dominant form of attack in phishing emails, outstripping even the business sector.
But one concern is the survey identified that most education establishments experienced some form of attack or breach on a weekly basis. Spoof emails or impersonation attacks, and attempts at gaining unauthorised access through malware, were also a common occurrence.
The high levels of reporting could point to increased security, senior management engagement and staff vigilance underlining their preparedness to invest in approaches to prevent attacks – such as security monitoring or penetration testing, as well as maintaining risk assessment and disaster plans to trigger appropriate responses.
In reality, where these attacks were effective, a significant proportion of the institutions experienced a negative outcome, with loss of data for illicit purposes or financial losses or accounts systems being compromised. As a consequence, they reported significant disruption with increased manpower and staff time to deal with the reporting and stakeholder engagement, post event.
One key feature of the report is the kudos given to the education sector as a result of its cyber security planning and policies, the level of knowledge of directors and trustees and how they dealt with breaches – including external reporting (with stakeholders, insurers, regulators) and implementation of additional controls (passwords and two factor authentication). In fact, it was regarded as the equivalent of large businesses, who are considered to be the most well-equipped to deal with these issues.
It is perhaps testament to the education sector’s reported high levels of compliance with the 10 Steps to Cyber Security and its proactivity in seeking guidance and enhanced security that has led to its overall rating which, in some instances, outperforms businesses. Despite the concerning levels of attacks which target educational institutions, these efforts go a long way to block potential disruption. Regrettably, in the digital and online times in which we live, it does not eradicate the risk, but it mitigates the harm and allows educators to focus on what they do best, which is heartening news.
Partner
paul.wainwright@brownejacobson.com
+44 (0)121 237 4577
There’s been little evidence of interventions or financial management reviews this year and it appears the Education and Skills Funding Agency (ESFA) has re-focussed on financial delivery. It’s also telling that there were no discernible changes to the reporting of financial irregularities in the Academies Trust Handbook 2022.
The Children’s Commissioner, Rachel De Souza, has recently published a report “Beyond the labels: a SEND system which works for every child, every time”, which she intends to sit alongside the DfE’s SEND Review (2019) and SEND Green Paper (2022) and which she hopes will put children’s voices at the heart of the government’s review of SEND system.
There’s greater opportunity than ever for parents, carers and guardians to voice any concerns they have relating to their child’s education and for their concerns to be heard and to be taken seriously. While most staff in schools and academies are conscious of their legal duties relating to complaints management, many are struggling to cope with such a significant increase in the volume of complaints they must manage.
We’re pleased to collaborate with Lloyds Bank, who recently asked us and audit and risk specialists Crowe UK to offer guidance that academy trusts would find helpful when considering setting up a trading subsidiary.
The DfE has published new guidance and opened the application process for window two of the Trust Capacity Fund (TCaF) for 2022/2023, with a fund of £86m in trust capacity funding focused particularly on education investment areas.
The Independent Inquiry into Child Sexual Abuse was established in March 2015. We now have its report. As you would expect with such a broad scope, the report is long and makes a number of far-reaching recommendations. In this article, Dai Durbridge highlights seven of the 20 recommendations, sets out how they could impact on schools and suggests what steps to take now.
Browne Jacobson’s education team has been named as winner of the ‘Legal Advisors to Education Institutions’ category at the Education Investor Awards 2022 for a record sixth time.
Since the new Suspensions and Exclusions Statutory Guidance was published, we have received a lot of questions about the use of managed moves. For the first time, the Statutory Guidance does explain what a managed move is, but in relatively broad terms and does not cover the mechanics of how a managed move should operate.
Over 3000 young people from across the UK and Ireland took part in a virtual legal careers insight event, aimed at making the legal profession more diverse.
Holly Quirk, an associate barrister in Browne Jacobson’s Manchester office, was awarded the Legal Professional of the Year Award at this year’s Manchester Young Talent Awards.
The risk of assault against staff is, sadly, something that all schools need to consider carefully. Here one legal expert explains what they can do to protect staff and ensure they fulfil their duty of care.
Browne Jacobson’s education team has again been confirmed as a national powerhouse after securing five Tier 1 rankings relating to Education in the latest edition of Legal 500 and maintaining a Band 1 UK-wide ranking for Education in Chambers & Partners UK 2023.
Created at the end of the Brexit transition period, Retained EU Law is a category of domestic law that consists of EU-derived legislation retained in our domestic legal framework by the European Union (Withdrawal) Act 2018. This was never intended to be a permanent arrangement as parliament promised to deal with retained EU law through the Retained EU Law (Revocation and Reform) Bill (the “Bill”).
The majority of people do not feel the need to embellish their CV to get that coveted position and move on up the career ladder. Their worthiness and benefit to the hiring organisation are easily demonstrated through the recruitment process – application, psychometric testing, selection day or interview.
In this article we set out the criteria, expectations and support schools should consider if notified they fall within this new category.
The words “Grammar schools” are once again being whispered in government and the question of whether the creation of new grammar schools will finally be implemented as a central focus to DFE policy has re-surfaced.
As a result of a recent Charity Commission legal action, the former trustee of a Welsh charity was ordered to pay over £117,000 to Wrexham charities which support cancer patients.
Academy trusts no longer need to seek consent for contractual indemnities within the ‘normal course of business’. What do trusts need to consider?
In this article we set out the most common issues we encounter, along with guidance on assessing and mitigating the risk from assaults.
In this article we set out some of the support that's available to schools in a bid to reduce the overhead that complaints management generates.
As we start the Autumn term, the first part of the process for changing school admission arrangements can begin.
On 21 September 2022, we had the pleasure of hosting a Whitehall & Industry Group (WIG) lunchtime briefing, delivered by the Director General for the DfE’s Strategy Group, Julia Kinniburgh.
Law firm Browne Jacobson and the University of Nottingham are launching a ground-breaking two and a half year Knowledge Transfer Partnership which aims to develop and embed long-lasting equality, diversity and inclusion (EDI) principles and learnings into the firm’s practices and processes, amongst its key client-bases and the national legal sector.
In an academic environment, there can be pressures to publish, particularly where funding is dependent upon research and reputation. Whilst there can be competition between Higher Education establishments to be the first to publish, there can also be internal conflicts over authorship rights where several individuals have contributed to the work.
The Health and Safety Executive (HSE) have announced they will be carrying out a programme of inspections to primary and secondary school establishments from September 2022. The inspections will assess how schools are managing the risks from asbestos and meeting the Duty to Manage requirements, set out in Regulation 4 of the Control of Asbestos Regulations 2012.
In July, the long-awaited statutory guidance on the Subsidy Control Act 2022 (Act) was published in draft form (Draft Guidance). A consultation on the draft guidance has recently ended and the results have not yet been published – it may therefore change before the final version is published.
In July 2022, the Supreme Court handed down its long-awaited Judgement in the case of Harpur Trust v Brazel relating to the correct calculation of statutory holiday pay for part year workers. This decision has implications for all part year workers on contracts which subsist all year round, whether their hours are normal or irregular.
Universities and colleges are not immune from deception by unscrupulous bad actors. The extent to which educational institutions can manage and control risk not only depends on financial management and internal controls, but also the robustness of security and processes which can be exploited from outside the organisation.
The new set of Legal 500 directory rankings have been published and we are proud to once again be recognised as one of the country’s leading firms advising the Education sector.
Browne Jacobson has been ranked as a Top Tier law firm in 25 key practice areas in Legal 500 UK 2023, the independent directory of comparative law firm performance. The firm also continues to underpin its status as one of the leading law firms in the East Midlands region with 16 Tier 1 rankings.
In University of Dundee v Chakraborty, the Employment Appeal Tribunal (EAT) considered whether a first draft of a grievance report could retrospectively be deemed to be privileged.
On 7 July this year, NHS England published its statutory guidance for Integrated Care Boards (ICBs) and with it set out the ICBs’ role and responsibilities and how they should collaborate, interact and carry out their anti-fraud, bribery and corruption functions in concert with NHS England.
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
The Chancellor’s recent mini-budget provided a significant announcement for business as it was confirmed that the off-payroll working rules (known as “IR35”) put in place for public and private sector businesses from 2017 and 2021 will be scrapped from April 2023.
The law around disability discrimination against pupils is not straightforward – but the reputational risk, let alone costs, of falling foul of the law are huge, so it’s worth upskilling staff whenever possible, as these two lawyers outline.
