January Cyber update - How Can Schools Help Prevent Cyber Attacks?

With the increase in cyber crime against schools in the UK, we are focusing on what can be done to help prevent cyber crime in a way that is manageable for school budgets.

 

Previously we reported on the rise in cyber attacks against schools in the UK in 2022:

https://dataprotection.education/infosec/301-vice-society-ransomware-attacks-on-schools

How can schools help prevent cyber attacks?

1. Training and Awareness to build a defence - first and foremost, training of staff is the best way to prevent a cyber attack. Making people aware and getting them to follow best practices is a way to build a defence. Provide training for staff through specific courses or posters for awareness:

https://dataprotection.education/courses-heading/stay-safe-online-ncsc

https://dataprotection.education/courses-heading/how-to-avoid-a-data-breach-information-and-cyber-security

https://dataprotection.education/best-practice-library/documents/drip-feeds

Raise awareness of phishing as this is the easiest way for threat actors (hackers) to obtain login information:

https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

https://dataprotection.education/member-dashboard/campaigns-list/campaigns?filter[tags]=

Set up Multifactor Authentication:

https://support.microsoft.com/en-us/topic/what-is-multifactor-authentication-e5e39437-121c-be60-d123-eda06bddf661

2. Best Practices that build security - have a good password policy that enforces complexity and general data governance controls, teach staff how to keep their passwords safe:

https://www.hipaajournal.com/world-password-day/

https://dataprotection.education/courses-heading/password-security

https://dataprotection.education/best-practice-library/best-practice/passwords

3. Technology Defences - move to the cloud where possible. Implement security solutions, specifically those securing access and identity through preventative controls. Ensure all devices are running the latest security patches. Backup, backup, backup - and practice a restore:

https://dataprotection.education/courses-heading/how-to-avoid-a-data-breach-information-and-cyber-security

https://dataprotection.education/best-practice-library/best-practice/information-security

https://www.ecpi.edu/blog/how-can-cloud-computing-improve-security

https://ico.org.uk/for-organisations/accountability-framework/records-management-and-security/#Access

4. Know what to do when attacked - plan out response and recovery capability. Ensure that the right people and decision makers are well versed and organised from the outset.  Don't forget that you might need to report a Cyber Attack to your data protection officer and the ICO:

https://drive.google.com/file/d/11-O0OQXC8JQleE7HEIqWVR_mYWJUI8l4/preview 

https://dataprotection.education/best-practice-library/documents/information-technology-security/131-dpe-business-continuity-template

https://ico.org.uk/media/for-organisations/documents/2614816/responding-to-a-cybersecurity-incident.pdf

https://www.gov.uk/guidance/where-to-report-a-cyber-incident

LGfL provide lots of free support and guidance for schools:

https://national.lgfl.net/security/protectionlayers

as do the NCSC:

https://www.ncsc.gov.uk/cyberaware/home#section_2

https://www.ncsc.gov.uk/blog-post/uk-schools-build-cyber-resilience

Further reading about The Enduring Impact of Cyber Crime: https://www.computing.co.uk/opinion/4062886/enduring-impact-cyber-crime?utm_id=f7e361e105abf1b25b32d48ad84e6ece&utm_term=&utm_campaign=CTG%20Daily%20V2&utm_content=%0A%20%20%20%20%20%20%20%20The%20enduring%20impact%20of%20cyber%20crime%0A%20%20%20%20%20%20&utm_medium=email&utm_source=CTG%20newsletters%20V2

 

 
