
Keeping your IT systems safe and secure

The ICO recently published an updated article aimed at small businesses with tips for IT security. This advice is also applicable to schools and colleges.

This table shows the advice from the ICO and the areas of the Data Protection Education Knowledge Bank that can help and guide you with each recommendation.

| ICO Recommendation | DPE Knowledge Bank Links |
| --- | --- |
| Back up your data | How secure is your server? |
| Use strong passwords and multi-factor authentication | Password Best Practice Library; A Guide to Multi Factor Authentication; Password Security Learning Nugget |
| Be aware of your surroundings | Information & Cyber Security Best Practice Library; How to avoid a data breach: Information and Cyber Security Training Course |
| Be wary of suspicious emails | Phishing Simulation; Types of Phishing News Articles; NCSC Cyber Security Training for School Staff |
| Install anti-virus and malware protection | Information & Cyber Security Best Practice Library |
| Protect your device when it's unattended | Information & Cyber Security Best Practice Library; Physical Security; Physical Security Learning Nugget |
| Make sure your Wi-Fi connection is secure | Info/Cyber Security Checklist |
| Limit access to those who need it | Info/Cyber Security Checklist; Acceptable Use |
| Take care when sharing your screen | Working At Home Learning Nugget; Working Out of School Best Practice Library |
| Don't keep data for longer than you need it | Records Management Best Practice Library |
| Dispose of old IT equipment and records securely | Info/Cyber Security Checklist |

The full ICO article is here:  11 Practical Ways to Keep Your Systems Safe And Secure

Further ICO Password guidance: Passwords in online services

What to do in the event of a cyber attack?

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack, we recommend reporting this to Action Fraud as well as to your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass it to IT.

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD