Hackers could be after free resources, not personal data, says cyber security expert Ryan Ko from the University of Waikato.

Thirty-six schools – five in the Waikato – were hacked in a global operation that saw passwords and other entry methods to 70,000 servers sold on the black market. Hamilton's Deanwell School is one of those and is seeking advice from IT specialists.

University of Waikato cyber security expert Dr Ryan Ko says any hacked school should not just hire an expert, but ask the expert to search for illegal contraband.

The sale, and attacks, were thought to have been conducted by a Russian hacking group and Waikato principals are looking at how better to protect their schools.

123RF Thirty-six New Zealand schools were hacked in a global attack.

READ MORE:

* Dozens of New Zealand schools hacked, access put up for online sale

​* Marlborough man charged for hacking wife's Facebook account

* Hacker's typo botches $1 billion bank heist

Ko likened the hack to the opportunist discovery of an unlocked empty house in the neighbourhood.

After a while you get squatters and then people might start storing illegal things there they don't want to be caught with, he said. And, in the case of online storage space accessed illegally, contraband, including child pornography, is likely to be stored.

MARK TAYLOR/FAIRFAX NZ Schools hold sensitive information that you wouldn't want a third party getting hold of, says Waikato Principals' Association president John Coulam.

And it would not be the first time. Ko said he knows of at least one business affected.

"Their website was secretly taken over by some overseas hackers and they used it to host child pornography.

"There is [also] a risk that these machines can be used to store programs that can be used to attack other computers.

123RF Schools need to keep server software up to date and patched to the latest protection systems, Dr Ryan Ko says.

"[The hackers] are after the free resources. They may not be after the [personal] data."

Ko said schools need to make sure they keep software on their servers up to date and always patched to the latest protection systems.

But it's not just schools that have to worry, Ko said.

"Most of the small to medium enterprises are equally affected because they have tight budgets for [cybersecurity]."

He suggested that the Ministry of Education invest in an insurance policy to clean up any future cyber attacks.

That idea got a thumbs-up from Hamilton Boys' High School headmaster Susan Hassall.

"We're all suffering from the same risks, really, so it would be good if we had some combined way of dealing with it," she said.

"I think the ministry needs to make a concentrated effort to minimise the risks to schools."

Hamilton Boys' hadn't been affected yet, but is always looking at how to make its system more secure, she said.

And she wouldn't hesitate to hire an expert if the school were targeted.

Hamilton's Deanwell School has already called for an expert after a letter from the Ministry of Education saying the school had been affected by the latest hack.

An IT contractor told principal Pat Poland the school might need a $5000 system check or to rebuild the server, and Poland has asked another company for a second opinion and quote.

"As a principal, I want to make sure my system's secure but I don't want to spend $5000 unnecessarily," he said.

"I'm an educator. I don't know what the potential threats are."

Most of the school's critical pupil data is in the cloud, he said.

But when it came to servers, he understood hackers could essentially take the data hostage and force the school to pay to get it back.

Schools have to be extra careful because they hold sensitive information, including medical details and parent contact details, Waikato Principals' Association president John Coulam​ said.

"You don't really want a third party getting hold of that."

He wants to see a minimum standard of protection for school networks and an approved list of network managers for schools that don't use government-owned company N4L.

His school, Marian Catholic Primary School, uses Telco Technology Services.

He'd had one email from the Ministry of Education, which warned schools to keep firewalls and protection up to date, and to check their systems.

"But what are you checking for? ... I don't know how I'd know if I've been hacked."