Best Practice Update

    You are here:  
  1. Home
  2. Best Practice Update
  3. ICO: Learning from the mistakes of others report
Photo of a lady receiving a ransomware message on a computer screen, with a news headline below like a newspaper: ICO Report: Learning from the mistakes of others: A retrospective review
Best Practice Updates

ICO: Learning from the mistakes of others report

The ICO has published a report today about 'learning from the mistakes of others'.  Given that cyber security is a crucial part of protection information and it is important to note that security breaches frequently lead to information breaches.
The report says that ten years on from the previous publication that our security incident trend information shows cyber threats not only continue to exist but increase year-on-year.  The report aims to inform organisations and support them in improving their knowledge of common security pitfalls.  

The main causes of cyber attacks listed in the report are:
  • Phishing – where scam messages trick the user and persuade people to share passwords or accidentally download malware.
  • Brute force attacks - where criminals use trial and error to guess username and password combinations, or encryption keys.
  • Denial of service – where criminals aim to stop the normal functioning of a website or computer network by overloading it. 
  • Errors – where security settings are misconfigured, including being poorly implemented, not maintained and or left on default settings.  
  • Supply chain attacks - where products, services, or technology you use are compromised and then used to infiltrate your own systems.

For each cause, the report explains how these attacks take place, some key considerations to mitigate the risk and likely future developments.

The full report can be viewed: Learning from the mistakes of others – A retrospective review

What to do in the event of a Cyber Attack 

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT 

If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.

Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email This email address is being protected from spambots. You need JavaScript enabled to view it..

These incidents should also be reported to the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it..

Academy trusts have to report these attacks to ESFA.

Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.

Always ensure there are backups you can restore from.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

©2024 Data Protection Education Ltd.

Search

  • News