Best Practice Update

Navy background. White text with words cyber resilience. Data Protection Education logo. Navy key hole in shape of a shield on a light blue network

Free Cyber help, advice and training with the Cyber Resilience Centres

We have previously written about the Cyber Resilience Centres which are 9 regional centres in the UK which were part of a Home Office initiative to help strengthen the reach of cyber resilience across the community.
We recently met with Daniel Sykes, the Cyber Crime Protect and Prepare Office for the South East Cyber Resilience Centre, to ask
about how their services can help small businesses, schools and multi academy trusts.
The South East Cyber Resilience Centre is a police-led partnership with academia and businesses aimed at improving cyber resilience in businesses across the South East of England.  The areas covered by this centre are: Thames Valley, Oxfordshire, Berkshire, Buckinghamshire, West Sussex, East Sussex, Surrey, Hampshire, and the Isle of Wight.

What does this mean for small businesses, schools, colleges and MATs?

It means that you can get free help and advice, including training from this organisation.  They offer free webinars:

Cyber Security for Humans

but will also do free either in person or online cyber training for staff.  If you are in the south and would like to contact Daniel for some staff training, his details are (he requires 20+ people for onsite training):

Daniel Sykes (CISMP)

Cyber Crime Protect and Prepare Officer

Cyber Crime Unit

Surrey and Sussex Police

Force Mobile – 07971337166

This email address is being protected from spambots. You need JavaScript enabled to view it.

We asked Daniel what should we be advising schools to do who are unclear about where they are with their cyber strategy?

He recommended installing and setting up the Police Cyber Alarm which is a free tool to help  you understand and monitor malicious cyber activity against your network.  The Cyber Alarm can help you help the police check your systems and advise you on anything suspicious. It can help the police understand what threats there are and identify any repeated patterns or trends on particular services. The Police Cyber Alarm had a poor reputation amongst schools when it was first released, but is now recognised as a tool to help organisations safely monitor their networks at no extra cost.  A report is provided, which is also useful in preparing for future cyber resilience.

If you are an organisation in the South East of England and would like to benefit from these and more resources, their website is here:   The South East Cyber Resilience Centre

If you are an organisation that doesn't know where to start with their cyber security plan, then start by looking at their: Cyber Workout Plan

Information about the other Cyber Resilience Centres: 

How resilient is your organisation?

(An example of the kind of question to ask is below). If you are a school or MAT are you checking in with the DfE Digital Standards for schools and colleges?

Have staff completed cyber security training?

Invalid Input


Amazing, you have ticked off an important item on the Information and Cyber Security checklist.  Staff should have cyber security training annually if they have access to the network.  This should also include training and awareness about passwords, data breaches and information security.

For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..




As a controller you are responsible for keeping any personal data safe that you collected.  Raising cyber security awareness is part of keeping personal data and systems safe.  The DfE Digital Standards for School and Colleges advises that all staff that have access to the network should have annual training. This should include a designated governor.  The NCSC provides free School Staff Training.  Further free training is highlighted in this article: Free Cyber Training for Staff

Harry the Hacker loves to take data that isn't protected!

 

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice. 

 


Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.

What to do in the event of a Cyber Attack 

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT 

If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.

Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email This email address is being protected from spambots. You need JavaScript enabled to view it..

These incidents should also be reported to the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it..

Academy trusts have to report these attacks to ESFA.

Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.

Always ensure there are backups you can restore from.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD



Search