Information and Cyber Security
- Overview
- Guidance, Documents & Policies
- Info/Cyber Security Checklist
- Examples & Advice
- Short videos
- FAQs
- Ask a Question
Data Protection often looks at the security and legalities of personal data, information security looks at more practical steps to secure all data in your organisation - in reality, the two things are intrinsically linked and the DPE data protection framework utilised many approaches from information security frameworks.
The documents include:
- Cyber Essentials Guidance
- Business Continuity Template
- Information Security Policy
- Physical Security Policy
- Changing IT Provider Considerations
For a complete Information Security programme, other resources and tools are necessary, as well as strategic coordination with your information technology and facilities specialists. However, it is important to remember that accountability and governance is the responsibility of leadership and practical security and data protection is everyone's responsibility.
Other policies and tools should be used as part of your information security programme and these are an important part of a data protection programme. These include:
- Clear desk policies
- Record of processing (supplier, systems and hardware due diligence)
- Retention schedules
- Records management
- Risk management
- Bring your own device
- Acceptable use
- Password Management
- User Access Control
- etc.
Risk assessment is a key factor in information governance. We have therefore provided a new e-learning module on risk assessment.
Templates, Policies and Guidance:
document Cyber Essentials Guidance (24 KB)
document What to do immediately after a Cyber Attack (58 KB)
document DPE Business Continuity Template (37 KB)
document Information Security Policy (469 KB)
DPE Model Physical Security Policy
Advice and guidance when changing IT providers: document DPE Changing IT Provider Considerations (205 KB)
Related Best Practice Areas
- Passwords
- Clear desk
- Working out of school
- Records Management
- Acceptable Use
- Site moves
- Data Breaches
- Create a Phishing Simulation Campaign: Phishing Simulation
Drip-feed posters
Stay Safe Online Infographic
NCSC Ten Steps to Cyber Security Infographic
e-Learning
- How to avoid a data breach: Information and Cyber Security
- Stay Safe Online NCSC
- Password Security
- NCSC Cyber Security Training for School Staff
- Introduction to Risk Management
- NCSC Top Tips for Staff Interactive Video
- Cyber Security Guidance for small businesses
External links
Get Ready for Cyber Essentials
ISO/IEC 27001 and related standards
ICO Information Security Checklist
NCSC Cyber Security Toolkit for Boards
NEN Standard Network Design:
NEN MAT Standard Network Design
NEN Secondary Standard Network Design
NEN Primary Standard Network Design
How to Report a Cyber Attack
Tell someone! Report to IT. Report to SLT.
Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.
If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.
Government Cyber Incident Reporting Service: https://signpost-cyber-incident.service.gov.uk/
Isolate the infected device and pass to IT
Always ensure there are backups you can restore from.
Little Guide to ACTION FRAUD
Remember – ‘Hackers don’t break in they login’!
![Microsoft Copilot AI generated image of computers on a world with hackers by the side](/images/2024/article%20images/global%20it%20outage%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/global it outage 360 x 240 px.png?width=360&height=240)
How does the recent global IT outage affect me?
![A digital illustration of a speech by the King about the Cyber Security and Resilience Bill. The image is created using Microsoft Designer and features a modern, professional design.](/images/2024/article%20images/Kings%20speech%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/Kings speech 360 x 240 px.png?width=360&height=240)
King's speech introduces new bills in relation to cyber security, smart data and digital information
![blackboard with schools out for Summer written in chalk, bucket and spade and sunglasses and Harry the Hacker phishing](/images/2024/article%20images/pre-holiday%20cyber%20hygiene%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/pre-holiday cyber hygiene 360 x 240 px.png?width=360&height=240)
Pre-Holiday Cyber Hygiene: Ensuring Security Before the Break
![Harry the hacker phishing, green shield on a mobile phone, Data protection education logo and the text What's a cyber incident in orange](/images/CYBER%20INCIDENT%20360%20X%20240%20PX.png#joomlaImage://local-images/CYBER INCIDENT 360 X 240 PX.png?width=360&height=240)
What's a Cyber Incident and what should we do?
![Harry the Hacker phishing, cyber in orange text, training in blue text, computer skulls in navy on the right hand side going down the screen](/images/2024/article%20images/Cyber%20Training%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/Cyber Training 360 x 240 px.png?width=360&height=240)
Free short cyber training for staff
![Cyber security breaches 2024 in gold letters educational institutions in blue in an orange and blue circle with Harry the Hacker in an orange hoodie in the background phishing for a laptop](/images/2024/article%20images/Education%20Cyber%20security%20breaches%202024%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/Education Cyber security breaches 2024 360 x 240 px.png?width=360&height=240)
Cyber Security Breaches Survey 2024 (Education Institutions)
![Cyber security breaches 2024 in gold letters businesses and charities in blue in an orange and blue circle with Harry the Hacker in an orange hoodie in the background phishing for a laptop](/images/2024/article%20images/Cyber%20Breaches%202024%20Businesses%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/Cyber Breaches 2024 Businesses 360 x 240 px.png?width=360&height=240)
Cyber Security Breaches Survey 2024 (Businesses and Charities)
![computer laptop with the words cyber incident review on the screen. Data Protection Education logo on the notebook to the right of the laptop. Harry the Hacker cartoon phishing a laptop](/images/2024/article%20images/cyber%20incident%20review%2060%20x%20240%20px.png#joomlaImage://local-images/2024/article images/cyber incident review 60 x 240 px.png?width=360&height=240)
Cyber Incident Review: The Benefits
![A computer screen with computer code. The word cyber attack in red in amongst the code](/images/Cyber_attack_360x240.png#joomlaImage://local-images/Cyber_attack_360x240.png?width=360&height=240)
Cyber attack on a University
![Data breach in orange text on a computer screen with computer text in blue](/images/data_breach_360__240_px.png#joomlaImage://local-images/data_breach_360__240_px.png?width=360&height=240)
Kent Councils Data Breach
![Multi-factor in white text, authentication in orange text above the Data Protection Education Logo on a navy background. A cartoon computer screen with a password entry with asterisks in](/images/2024/article%20images/MFA%20360%20x%20240%20px.png#joomlaImage://local-images/2024/article images/MFA 360 x 240 px.png?width=360&height=240)
2FA Authentication day/Happy National Change Your Password Day
![Phishing in blue text on a computer screen background which is black](/images/Phishing_360__240_px.png#joomlaImage://local-images/Phishing_360__240_px.png?width=360&height=240)
Phishing attacks targeting schools - alert from City of London Police
![Hooded person over a computer. Text Cyber Aware. Blue padlock over a username and password. Data Protection Education DPO badge](/images/Be_cyber_aware_october360_x_240_px.png#joomlaImage://local-images/Be_cyber_aware_october360_x_240_px.png?width=360&height=240)
Update on Advisory for Rhysida Ransomware
![Cartoon of a criminal dressed in black with black hat, cyber criminal in orange on their chest, climbing out of a computer carrying a yellow computer folder on their shoulder](/images/Cyber%20Criminal%20360%20x%20240%20px.png#joomlaImage://local-images/Cyber Criminal 360 x 240 px.png?width=360&height=240)
The Crime in a Cyber Attack and a Data Breach
![NCSC Annual Cyber Review in white text, 2023 in white text on a blue background. Background is a tunnel of computer screens (like going through a black hole)](/images/NCSC%20Annual%20cyber%20review%20360%20x%20240%20px.png#joomlaImage://local-images/NCSC Annual cyber review 360 x 240 px.png?width=360&height=240)
NCSC Annual Review is published for 2023
![data breach in orange computer text on a computer screen with computer code](/images/data_breach_360__240_px.png#joomlaImage://local-images/data_breach_360__240_px.png?width=360&height=240)
Learning from Data Breaches
![White padlock on a dome over a digital city, in blue and orange. White text saying Cyber Resilience. Data Protection DPO services badge](/images/Cyber%20Resilience2%20360%20x%20240%20px.png#joomlaImage://local-images/Cyber Resilience2 360 x 240 px.png?width=360&height=240)
Windows 11 security ineffective against attacks on old devices
![Dark hooded person working on a laptop with a beam of a padlock and a password field. Be Cyber Aware in white cyber text and the Data Protection Education DPO services badge in the bottom right](/images/Be_cyber_aware_october360_x_240_px.png#joomlaImage://local-images/Be_cyber_aware_october360_x_240_px.png?width=360&height=240)
International Counter Ransomware Initiative 2023 Joint Statement
![A digital city with a dome around it showing protection, a white padlock at the top. Cyber resilience in white text. Data Protection Education DPO badge](/images/Cyber%20Resilience2%20360%20x%20240%20px.png#joomlaImage://local-images/Cyber Resilience2 360 x 240 px.png?width=360&height=240)
Resistant Cloud Backups
![Be cyber aware in orange text on a blue background above a blue mobile phone, blue key store, blue key and a blue shield with a green tick inside it.](/images/Be_Cyber_Aware_360__240_px.png#joomlaImage://local-images/Be_Cyber_Aware_360__240_px.png?width=360&height=240)
Top Ten Cyber Security Misconfigurations
![Reprimand in orange text on a blue back ground which has computers. ICO logo in the top left](/images/reprimand_360__240_px.png)
ICO Reprimand: company suffered a ransomware attack
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 31. On the road to cyber essentials
![Childrens hands showing their palms each with a letter from the word 'Safety'. Blue text:](/images/Online%20Safety%20Act%20360%20x%20240px.png#joomlaImage://local-images/Online Safety Act 360 x 240px.png?width=360&height=240)
The UK Online Safety Bill becomes an Act (Law)
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 24. Backups
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 27. Passwords
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 30. Support
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 29. Admin controls
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 28. Phishing
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)
October is Cyber Security Awareness Month: 26. Physical Security
![Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware](/images/Be_cyber_aware_october360_x_240_px.png)