As we have seen an increase in the number of cyber attacks on schools we wanted to highlight a white paper that has been produced by the National Cyber Security Centre (NCSC), part of GCHQ and the Nat
The ICO have published a 10 step guide to sharing information to safeguard children or young people from physical, emotional or mental harm. The new guidance addresses concerns from organisation
A number of schools have recently been victims of cyber attacks, some of whom we have been working with to determine the extent of the data breaches. The current attacks seem to be directed at&n
We wanted to highlight an organisation called the National Cyber Resilience Centre Group which consists of nine regional centres in the UK that were set up to strenghten the reach of cyber resili
We've put all the specific school and trust related data protection guides, documents and queries into one area to make it easier for you. As data protection is closely linked to cyber security the se
The ICO has recently published new guidance about bulk email communications following a number of data breaches caused by the incorrect usage of CC and BCC (carbon copy and blind carbon copy). E
The time following a cyber attack can be very stressful, and in the heat of the moment it can be difficult to know what the best thing to do between working out what went wrong, how to recover and wha
We've created a model Social Media Policy. The policy outlines guidelines and expectations for the use of social media platforms by individuals and employees associated with an organisation.&nbs
Are you looking for some data protection training for your inset day(s) at the start of term? Here are some ideas about how to raise awareness around data protection and cyber security for your
Microsoft has recently announced the planned retirement of the Microsoft A1 Licenses for Education. According to Program Updates in Microsoft 365 for Education page the main reason is
We've produced a document to provide help and guidance in the event of a cyber attack. The document is part of our Information and Cyber Security Best Practice Area and covers:This doc
For those outside the computing world, it feels as though AI (Artificial Intelligence) has suddenly appeared and having a huge impact on the rest of the world. Artificial intelligence is intelli
The Information Commissioner's Office have recently put Leicester City Council forward as an FOI (Freedom of Information) best practice example. An FOI refers to a request under the Freedom of In
Surrey Police are investigating a fraud and computer misuse allegation at AQA, England's largest exam board which follows the recent data breach reported by Cambridgeshire Policy into a data breach wi
This article was originally published in January 2023, but has been updated with some additional information, following further ransomware attacks on schools in the UK. Highly confidential documents f
If you are a group of organisations such as a multi academy trust and a member of the central team, it can be useful to view all of the organisations/schools and the main organisation/trust deta
This article is one in a series of articles about raising cyber awareness in an organisation. We visit a number of organisations through our data walks and often discuss the use of USB sticks wi
This article is about cyber insurance in the public sector, particularly in relation to schools. Cyber insurance is a special type of insurance intended to protect businesses from internet-based
This article is an article about DDos attacks and is part of a series of articles about different types of cyber attacks. Denial-of-service (DoS) attacks are a type of cyber attack targeting a sp
Manchester University was hit by a cyber attack last week, with the possibility that personal data was stolen by the attacker. A statement was made on their website by Patrick Hackett, Registrar
This article is about a recent cyber attack on Leytonstone School. The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data wa
A reprimand has been issued by the ICO to Parkside Community Primary School in relation to the infringements of Article 5 (1)(f), Article 24 (1) and Article 32 of the UK GDPR. This article discusses t
This article is about firewalls and how they can help in your plan towards being cyber resilient.What is a firewall? Think of a firewall as an intruder detection system for your organisation's n
As we are in the last part of the school year, this is often the time that we see a rise in the number of Subject Access Requests received by schools. This article, therefore, covers guidance an
This article is about cyber attacks and data breaches that may go unreported due to the misconceptions about how organisations might respond to them. The NCSC recently published an article about
A Dorchester school has recently suffered a cyber attack in the form of a Ransomware attack.Following the attack the school has been left unable to use email or accept payments.The school is working w
This article is about the different user types available on the Knowledge Bank and what they have access to.Details about how to add users onto the Knowledge Bank can be found in the Using the Knowled
Malicious threat actors (hackers) are always developing new techniques to breach passwords. This article lists the different types of password attacks and some defences/counter-measures whi
Hackers and cyber criminals are continuously searching for vulnerabilities in software and systems to exploit for their own malicious gains.
What are Zero-Day Vulnerabilities
Zero-day vu
The Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy.
The full report is here: Cyber Security Breaches Survey 2023
Ther
May 4th is World Password Day - it's good to have a day to consider how secure your passwords are and where you store that information.
Intel created World Password Day - the first Thursday of May -
A Wiltshire secondary school has been severely affected by a targeted attack by hackers who demanded a ransom to restore access to its IT network. The attack affected the school's local server,
The ICO recently published an updated article aimed at small business with tips for IT security - this advice would also be applicable for schools and colleges.
This table shows the
This article explains what a DDoS attack is and how to manage if your organisation is attacked.
A DoS attack is a denial of service attack. It occurs when users are denied access to computer se
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education webs
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as
This article covers ways in which cyber criminals profit from their cyber crimes. Often we might think our data, if it is not financial, is not interesting or profitable to hackers, so this arti
This article is about the use of WhatsApp as a communication tool in schools and recent vulnerabilities. It discusses school staff using WhatsApp as a communication method for school business.
We are
This articles lists the latest updates and new documents to the Knowledge Bank.
Password checklist
Information/Cyber Security Checklist
Supplier Due Diligence Form
Inform
Malware is malicious software designed to harm computer systems and is linked to data protection in several ways.
Malware can be used to steal or compromise sensitive data stored on a
The headteacher of a grammar school has left her role after sending parents a list of the teachers going on strike.
The Headteacher at King Edward VI Five Ways Grammar school in Birmingham had
This article is a reminder that Microsoft will stop support for both Windows Server 2012 and Windows Server 2012 R2 after October 10th 2023. Keeping software up to date on devices is best practi
This article lists the ways that Data Protection Education can be contacted for general data protection queries, data breaches, subject access requests and freedom of information requests.
While all
The following article talks about how a school thwarted a cyber attack, more through luck than judgement. Our advice is for the whole organisation to be cyber aware and review how your orga
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education webs
With the increase in Cyber crime against schools in the UK we are focusing in on what can be done to help prevent cyber crime in a way mangeable for school budgets.
Given the current financial pressure on schools it is very likely there are devices in schools running out of date software. This article looks at the most recent version of Windows that support has
What does the NCSC 2022 Annual Review, published this week, mean for schools? It’s been a busy year for education already with school budgets hit by unplanned teacher pay rises and doubling energy b
A giant of the adtech industry in France has recently been fined for breaching the European Union data protection regulation. A multi year investigation has been conducted by France’s national priva
We’ve discussed in the past the use of biometric systems in UK schools, and how privacy advocates have expressed concern over the collection of the biometric data of students. They feel that not onl
Cybersecurity should be seen as a key element of normal working practices.
On the 10th October 2022 the DfE issued updated cybersecurity standards for schools. Given most of the standards should al
Facebook gets a small win in Europe
EU regulators are currently at odds on how to prevent Facebook’s parent company, Meta from transferring EU user data to the US. The draft decision, made in Irela
Google urges Android partners to apply latest security patches
Google releases a monthly security bulletin, and in their recent edition they have outlined their latest patches for Android systems, wh
Recently we’ve been breaking down the Online Safety Bill, which had an updated and strengthened version published by the government recently, and it had gone through parliamentary scrutiny. So far w
The government have recently published an updated version of The Online Safety Bill, after it has gone through Parliamentary Scrutiny. The outcome of this is, according to the government, a stronger a
Over the coming weeks we’ll be publishing a series of articles on the Online Safety Bill. Today, as an introduction, we’ll look through the basics of the Bill, and what it means for organisations
Officials in Denmark have recently carried out a risk assessment around the risks posed by Google when processing personal data for schools. As a result of this investigation, schools in Denmark have
Our first cyber security story involves another new Whatsapp scam where cyber criminals are posing as Whatsapp user's friends and family and asking them to send them money. Scammers send the victim a
Children Aged 10 and Older
Children aged 10 and older can be arrested, interviewed and charged with criminal offences and, if found guilty, they will receive a criminal record. The UK has the you
Disney Sign New Automated Advertising Deal
Disney have recently signed a new deal with a global ad tech company called The Trade Desk which will allow brands to to use targeted automated advertising
Parents and guardians with parental responsibility often use SAR’s as way to obtain the educational record of their children. There appears to be two reasons why this may be the case. Firstly,
Earlier this year, in response to the conflict between Russia and Ukraine, NCSC urged organisations to focus on heightening their cyber security programme. Since the beginning of the conflict, there h
In the future, there could be less fines being handed out to Public sector organisations, according to the ICO’s new data protection regulator. The thought behind this comes from the idea that using
There are fresh data privacy concerns surrounding Tiktok, after a report by BuzzFeed has brought into question the validity of TikTok’s claim that they had started routing US users’ data to US-bas
Potential Changes to ‘Cookies’
As part of the Government’s proposed changes to data protection laws, one of the areas that would see changes is the practices around cookie consent. Curren
A new article by The Washington Post discusses how App companies are using loopholes in privacy law to harvest the personal data of children. Geoffrey Fowler, a technology columnist, provides a worryi
The Human Rights Watch have recently published a report on the relation between virtual schooling and data tracking. The report finds that there is a potentially worrying gap between how kids use onli
The first story we’ll be discussing is one involving Facebook, and Mark Zuckerberg. Recently, a new lawsuit has been filed against Zuckerberg by Attorney Karl A. Racine. Zuckerberg is being sued for
With the ICO’s Children’s Code being brought into effect last year, it is now a legal requirement that organisations that deal with children’s data uphold their rights as a priority, accor
In this edition of cyber news roundup, we’ll be looking at the continuing cyber threat to health and education sectors, the risks that app stores pose to users, and 2021’s most exploited vulnerabi
There has been a new report published on the use of biometric data in schools. The report is entitled ‘The State of Biometrics 2022: A Review of Policy and Practice in UK Education’, and you can f
Amazon’s latest entry into the smart home device technology is their Astro bot, which they describe as:
“The household robot for home monitoring, with Alexa. When you're away, use the Astro app t
The Record of Processing can often seem like a daunting process to undertake- but it’s important to view it as exactly that- a process. Documenting the processes your organisation carries out is an
In April's Cyber News Update, we take a look at breaches that have impacted Funky Pigeon and WhatsApp, as well security updates and cyber threat advice.
The Department for Digital, Culture, Media and Sport have recently published their annual report from their Cyber Security Breaches Survey. As part of this, they have also published a report which loo
2022 Security Breach Report Published
The Cyber Security Breaches Survey for 2022 has recently been published by The Department for Digital, Culture, Media and Sport- the full version of which you ca
VPN’s have become commonplace over the past couple of years, with every content creator out there having at some point been sponsored by Nord VPN (other VPN providers are available). VPN's are mostl
Organisations in Ukraine are the target of Destructive Malware
Agencies in the US and Australia have published alerts in response to a recent increase in cyber threats to organisations in Ukr
Data Protection Education are leading specialists in Data Protection for Schools and Trusts, with the key service that we offer being a Data Protection Officer (DPO) service. Under UK GDPR, Public Aut
Recently there has been an annual study published by Ponemon Institute (sponsored by Experian) entitled “Is Your Company Ready for a Big Data Breach?”. The study looks at the state of breach prepa
When we talk about information security and cybersecurity, those that write about this area can often use complex and technical terms, assuming that the reader has the required knowledge to fully unde
Microsoft Azure Breach Leads to Student Data Exposure
Researchers and Clario published a report which outlined how an open Microsoft Azure repository indexed by a public search engine which needed
It’s been far too long since we’ve checked in with Facebook (now Meta), and their ongoing mission to make as much money as possible from our data, so we thought we would discuss the Metaverse, wit
The NCSC has provided some insight and guidance changes on Security practices in the past week which will be the topic of this week’s cyber update. Below is a summary of their guidance, with some ad
The 1st of January, the 25th of December, and the 28th of January- the three biggest dates in the calendar each year for being New Years Day, Christmas Day and of course, Data Privacy Day.
Retention of Child Protection Information is for 25 years from the DOB of the Pupil
The Education (Pupil Information)(England) Regulations 2005 (SI 2005/1437 states that pupil records should be
With cyber threats increasing every month, we’ll be looking to provide weekly updates on the different cyber security threats that have taken place recently to highlight all the different ways in wh
At Data Protection Education, we are carrying out an ongoing project on assessing potential organisations that our schools are either currently contracted with to supply a product or service, or may i
With great power comes great responsibility and internet companies should be starting to appreciate and take more seriously the responsibilities they hold further to the publication of the report by t
Email is the classic GDPR issue - it's not about the system where we store things, it's about the process and how that data is used. So ask yourself, what is the content of the email and what does it
A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector
Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that
Our news story this week is from TechCrunch, who have an article regarding The European Data Protection Board (EDPB), who have called for the EU to phase out, and eventually prohibit the use of target
On the 10th of November 2021, The Supreme Court announced their long awaited decision regarding a lawsuit between Mr Lloyd and Google. The court found unanimously in favour of Google, and dismissed th
With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion
Another week, another Facebook story. Don’t worry, we're not slowly becoming a Facebook news outlet, they just keep making headlines in the world of data protection, and this time seemingly for a po
On September 9th, the UK Government published their Consultation Paper on Reforms to the UK Data Protection Regime-'Data: A New Direction', where they outlined proposed changes to GDPR since leavin
How to share this year’s Nativity play online safety
Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to