Awareness Day Twenty Eight: Phishing
"Wherever there is technology there needs to be cybersecurity"
Implementing cybersecurity best practices is important for organisations of all sizes to protect personal, financial and sensitive information.
Awareness Day Twenty Eight Phishing
91% of all cyber attacks begin with a phishing email to an unexpected victim :Deloitte News Article.
Recognise and Report Phishing (Recognising Red Flags 🚩):
- A tone that's urgent or makes you feel scared (i.e. click immediately or your account will be closed)
- The sender email doesn't match the company it's coming from (unusual spellings)
- An email you weren't expecting
- Request to send personal information
- Misspelled words, bad grammar and unusual URLs can still be a sign of phishing
Information source: CISA Cyber Security Awareness Month
General guidance for preventing a phishing attack:
- Install security software on mobile devices.
- Avoid browsing certain websites, block if necessary.
- Only download reputable mobile applications from legitimate sources and restrict within an organisation. Consider having an 'approved' software list for the organisation.
- Exercise caution on social media.
- Use different passwords - see previous article on Passwords: October is Cyber Security Awareness Month: 27. Passwords
- .
- Beware of phishing emails - Article: Types of Cyber Attacks: Phishing.
- Be careful when using public wireless networks.
- Consciously keep up with current security trends and threats.
Review: DfE Cyber Security Standards for Schools and Colleges.
Take a look at our Drip Feed poster:
pdf Who's sending you emails (151 KB)
Review NCSC Phishing Guidance:
Phishing: Spot and report scam emails, texts, websites and calls
Phishing attacks: defending your organisation
Review DPE's previous articles about phishing:
Types of Cyber Attacks: Phishing
Freebies: Data Protection Education
Introduction to the Knowledge Bank
Cyber Crime: AI Generated Phishing Attacks
More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):
What to do in the event of a Cyber Attack
Tell someone! Report to IT. Report to SLT.Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT
If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.
Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email
These incidents should also be reported to the DfE sector cyber team at
Academy trusts have to report these attacks to ESFA.
Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.
Always ensure there are backups you can restore from. Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to
Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies:
Why not have a look at our 'specialist' trainer Harry the Hacker :