The Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy.
The full report is here: Cyber Security Breaches Survey 2023
There is a separate annex published for education institutions, the full report is here: Cyber Security Breaches Survey 2023 Education Institutions Annex
In Summary, the percentage of organisations that have identified breaches or attacks in the last 12 months:
A Wiltshire secondary school has been severely affected by a targeted attack by hackers who demanded a ransom to restore access to its IT network. The attack affected the school's local server, its website, internet access, Wi-Fi, printers and internal phone systems.
A full report can be read here: https://www.gazetteandherald.co.uk/news/23476464.hacker-demands-ransom-taking-control-wiltshire-schools/
The school's website was still down several days later. An updat
The ICO recently published an updated article aimed at small business with tips for IT security - this advice would also be applicable for schools and colleges.
This table shows the advice from the ICO and how areas of the Data Protection Education Knowledge Bank can help and guide you in those areas.
ICO Recommendation DPE Knowledge Bank Links Back up your data Info/Cyber Security ChecklistHow secure is your se
This article explains why we recommend using PIN codes on printers and how it reduces the risk of a data breach - this recommendation often comes about after a Making the Rounds visit to your site.
Using PIN codes on printers provide several data protection benefits:
Prevent unauthorised access: By requiring a PIN code to access the printer, you can prevent unauthorised individuals from printing sensitive documents or accessing the printer's configuration settings. I
This article explains what a DDoS attack is and how to manage if your organisation is attacked.
A DoS attack is a denial of service attack. It occurs when users are denied access to computer services or resources, usually by overloading the service with requests. Your server or your website will be repeatedly bombarded with requests for information or resources. This overwhelms the system making it unusable and unavailable.
An attack becomes a 'distributed de
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance.
Phishing is a type of cyber attack in which an attacker tries to trick the victim into giving away sensitive
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance.
The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will
This article covers ways in which cyber criminals profit from their cyber crimes. Often we might think our data, if it is not financial, is not interesting or profitable to hackers, so this article discusses the different types of data that are stolen and why.
Financial data is the main data type that we all think of when considering why a hacker might steal information. Financial data can be sold to various individuals for different purposes. It is not uncommon for t
Malware is malicious software designed to harm computer systems and is linked to data protection in several ways.
Malware can be used to steal or compromise sensitive data stored on a computer system or network. This data could include personal information, financial data, or confidential business information. In this sense, malware poses a significant threat to data protection, as it can lead to data breaches and other security incidents.
Malware can
The main benefit of multi-factor authentication (MFA) is that it will enhance your organisation's security by requiring your users to identify themselves by more than a username and password. This makes stealing your information harder for the average criminal. It provides an added layer of security and is one of the most effective ways to prevent unauthorised access as it requires additional validation of login credentials. Over 80% of cyber breaches happen due to weak or stolen
The following article talks about how a school thwarted a cyber attack, more through luck than judgement. Our advice is for the whole organisation to be cyber aware and review how your organisation might respond when attacked. The article gives ideas on how to begin making a cyber ready plan.
In October 2020 Kellett School was subject to a ransomware denial-of-service (DoS) attack orchestrated by a Russian criminal hacker group. After the attack, a post m
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance