October is Cyber Security Awareness Month, and while we don't think that cyber Security  awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.

We previously reported on some schools that had sufferred ransomware attacks, namely Thomas Hardye in Dorset.  It has since been discovered the attack was by the hacker group that goes by the name "Rhysida".  
The attack methodology used was by exploiting a known vulnerability in PaperCut.  Other schools have reportedly suffered the same attack from the group.

As we have seen an increase in the number of cyber attacks on schools we wanted to highlight a white paper that has been produced by the National Cyber Security Centre (NCSC), part of GCHQ and the National Crime Agencey (NCA).  The UK is currently a high value target for cyber criminals, not just in terms of business but against the UK citizens as well.

A number of schools have recently been victims of cyber attacks, some of whom we have been working with to determine the extent of the data breaches. 

The current attacks seem to be directed at secondary schools causingsome to close for a week or work on reduced hours, while systems and data are recovered.

We wanted to highlight an organisation called the National Cyber Resilience Centre Group which consists of nine regional centres in the UK that were set up to strenghten the reach of cyber resilience across the business community.

A coalitiion of police, government, large employers and organisations and academia are supporting the growth of the Cyber Resilience Centre Network.

The ICO has recently published new guidance about bulk email communications following a number of data breaches caused by the incorrect usage of CC and BCC (carbon copy and blind carbon copy). 

Emails sent to the wrong person or emails copied rather than blind copied to customers/parents are the most common data breaches seen and are often because someone is rushing or under pressure.

We've produced a document to provide help and guidance in the event of a cyber attack.  The document is part of our Information and Cyber Security Best Practice Area and covers:

This document gives a list of who to contact and what to do just after a cyber attack.  It covers:

For those outside the computing world, it feels as though AI (Artificial Intelligence) has suddenly appeared and having a huge impact on the rest of the world.  Artificial intelligence is intelligence demonstrated by computers, as opposed to human or animal intelligence.  'Intelligence' encompasses the ability to learn to reason, to generalise and to infer meaning. 

Surrey Police are investigating a fraud and computer misuse allegation at AQA, England's largest exam board which follows the recent data breach reported by Cambridgeshire Policy into a data breach with the exam boards at OCR and Pearson. Full article: AQA also hit by exam paper cyber attack.

This article was originally published in January 2023, but has been updated with some additional information, following further ransomware attacks on schools in the UK. Highly confidential documents from 14 schools in the UK have been leaked online by hackers.  The Vice Society has been behind a high-profile string of attacks on schools across the UK and the USA in recent months.

This article is one in a series of articles about raising cyber awareness in an organisation.  We visit a number of organisations through our data walks and often discuss the use of USB sticks with staff and are told that they are not allowed.  Yet we will see them in use during the walk.  A verbal/written policy is not the same as prevention and detection.  This article will discuss methods for detection and why.

This article is about cyber insurance in the public sector, particularly in relation to schools.  Cyber insurance is a special type of insurance intended to protect businesses from internet-based risks, and more generally risks relating to information technology infrastructure and activities.  It is also known as cyber liability insurance or cyber risk insurance.