This article is about a recent cyber attack on Leytonstone School.  The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data was accessed.

The school is still closed to all pupils other than those taking their GCSEs because the school currently does not have a single central record (SCR), sometimes referred to as a single central register.  An SCR is a statutory requirement for all schools and academies in E

This article is about firewalls and how they can help in your plan towards being cyber resilient.

What is a firewall?  Think of a firewall as an intruder detection system for your organisation's network.   It is a virtual barrier between your computer or network and the internet. Its role is to keep an eye on all the incoming and outgoing data, like a security guard watching the entrance to your house or office.  The main purpose of a firewall is to protect your co

This article is about cyber attacks and data breaches that may go unreported due to the misconceptions about how organisations might respond to them.  The NCSC recently published an article about why transparency around cyber attacks is a good thing for everyone.
The NCSC and the ICO may work on a cyber attack together if an incident brings down a business, severely impacts national services and infrastructure or massively disrupts people's data-to-day lives, however they consider that

A Dorchester school has recently suffered a cyber attack in the form of a Ransomware attack.
Following the attack the school has been left unable to use email or accept payments.
The school is working with the National Cyber Security Centre and the police to resolve the issue. The full article can be read here: https://www.bbc.co.uk/news/uk-england-dorset-65685607
The school remains open, with teaching adapted as needed and exams continuing as planned.

Comment from the

Malicious threat actors (hackers) are always developing new techniques to breach passwords.  This article lists the different types of password attacks and some defences/counter-measures which can be used to enhance password security.  In our experience, hackers are most successful at accessing school systems unlawfully using these methods.  Passwords continue to be a primary target for cyber criminals seeking unauthorised access to accounts.

Password security is a

Hackers and cyber criminals are continuously searching for vulnerabilities in software and systems to exploit for their own malicious gains.  

What are Zero-Day Vulnerabilities

Zero-day vulnerabilities refer to software flaws or weaknesses that are unknown to the software vendor and, consequently, unpatched at the time of discovery by cyber criminals.  These vulnerabilities are security holes that malicious threat actors (hackers) can exploit to gain unauthorised acces

The Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy.

The full report is here: Cyber Security Breaches Survey 2023

There is a separate annex published for education institutions, the full report is here: Cyber Security Breaches Survey 2023 Education Institutions Annex

In Summary, the percentage of organisations that have identified breaches or attacks in the last 12 months:

A Wiltshire secondary school has been severely affected by a targeted attack by hackers who demanded a ransom to restore access to its IT network.  The attack affected the school's local server, its website, internet access, Wi-Fi, printers and internal phone systems.

A full report can be read here: https://www.gazetteandherald.co.uk/news/23476464.hacker-demands-ransom-taking-control-wiltshire-schools/

The school's website was still down several days later.  An updat

The ICO recently published an updated article aimed at small business with tips for IT security - this advice would also be applicable for schools and colleges.  

This table shows the advice from the ICO and how areas of the Data Protection Education Knowledge Bank can help and guide you in those areas. 

ICO Recommendation DPE Knowledge Bank Links  Back up your data    Info/Cyber Security Checklist

 How secure is your se

This article explains why we recommend using PIN codes on printers and how it reduces the risk of a data breach - this recommendation often comes about after a Making the Rounds visit to your site.

Using PIN codes on printers provide several data protection benefits:

Prevent unauthorised access: By requiring a PIN code to access the printer, you can prevent unauthorised individuals from printing sensitive documents or accessing the printer's configuration settings.  I

This article explains what a DDoS attack is and how to manage if your organisation is attacked.

A DoS attack is a denial of service attack.  It occurs when users are denied access to computer services or resources, usually by overloading the service with requests.  Your server or your website will be repeatedly bombarded with requests for information or resources.  This overwhelms the system making it unusable and unavailable.

An attack becomes a 'distributed de

This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance.

Phishing is a type of cyber attack in which an attacker tries to trick the victim into giving away sensitive