• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

InfoSec / Cyber

    You are here:  
  1. Home
  2. InfoSec / Cyber
  3. October is Cyber Security Awareness Month: 28. Phishing
Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware
Information/Cyber Security

October is Cyber Security Awareness Month: 28. Phishing

October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day  Twenty Eight: Phishing
Awareness Day Twenty Eight Phishing

91% of all cyber attacks begin with a phishing email to an unexpected victim :Deloitte News Article.

General guidance for preventing a phishing attack:
Install security software on mobile devices.
Avoid browsing certain websites, block if necessary.
Only download reputable mobile applications from legitimate sources and restrict within an organisation.  Consider having an 'approved' software list for the organisation.
Exercise caution on social media.
Use different passwords - see previous article on Passwords: 

.
Beware of phishing emails - Article: .
Be careful when using public wireless networks.
Consciously keep up with current security trends and threats. Ensure staff are trained on how to recognise a phishing email and what to do when they receive one.  Consider running a phishing campaign as a training exercise: DPE Phishing Campaign.

Review: DfE Cyber Security Standards for Schools and Colleges.

Review NCSC Phishing Guidance:
Phishing: Spot and report scam emails, texts, websites and calls
Phishing attacks: defending your organisation

Review DPE's previous articles about phishing:












More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):

What to do in the event of a Cyber Attack 

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT 

If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.

Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email This email address is being protected from spambots. You need JavaScript enabled to view it..

These incidents should also be reported to the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it..

Academy trusts have to report these attacks to ESFA.

Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.

Always ensure there are backups you can restore from.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

©2024 Data Protection Education Ltd.

Search

  • News