• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

InfoSec / Cyber

    You are here:  
  1. Home
  2. InfoSec / Cyber
  3. Pre-Holiday Cyber Hygiene: Ensuring Security Before the Break
Cat with bunny ears laying on easter eggs with the title How safe is your network from intruders in the holidays?
Information/Cyber Security

Pre-Holiday Cyber Hygiene: Ensuring Security Before the Break

Many of the cyber attacks that we see on schools happen on the first day of a long weekend or a holiday - that's because the threat actors know in some instances it might be a good while before anyone notices.  So, what you can do to protect your data and your systems when you're not there?
  • Where possible have some logging and monitoring software in place that will alert someone should your network come under attack.   Design systems to they are able to detect and investigate incidents.
  • Ensure your systems are as up to date as they can be, so they are not open to known vulnerabilities.
  • Ensure there is a backup should the worst happen.
  • Ensure that any remote access is locked down to only those that really need it and done in a secure way.
  • If any devices belonging to the organisation are taken home, ensure that they are tracked via Asset Management and have the appropriate filtering and monitoring in place.
  • Ensure that all staff know what to do if they suspect a cyber incident has taken place.  Make staff aware of how they might contact the right person in your organisation.
  • Ensure your Cyber Incident Response Plan is up to date.
  • Remind everyone about the use of strong passwords and use MFA where possible.
  • Ensure staff are aware there may be increased phishing emails over the next few weeks.
  • If any employees or students are leaving at the end of term, ensure their accounts are terminated in the correct time frame.
Review our End of Term checklists: End of Term/Year Routines for Schools
Review our other Guidance for Schools and Data Protection about taking photos for special events: Guarding Festive Moments: Navigating Privacy at the End of Term and Christmas
Review physical security of the building:  document DPE Model Physical Security Policy (179 KB)

Remember the cyber criminals will not be taking a holiday! 

What to do in the event of a Cyber Attack 

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT 

If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.

Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email This email address is being protected from spambots. You need JavaScript enabled to view it..

These incidents should also be reported to the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it..

Academy trusts have to report these attacks to ESFA.

Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.

Always ensure there are backups you can restore from.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD



Image created using Canva AI technology
©2024 Data Protection Education Ltd.

Search

  • News