News

Cartoon of a criminal dressed in black with black hat, cyber criminal in orange on their chest, climbing out of a computer carrying a yellow computer folder on their shoulder

As a data protection officer we are seeing a rise in the number of cyber attacks on organisations.  We often find that the fact an actual crime has been committed is sometimes overlooked in the panic and need to recover data and get operations back up and running.  According to the National Crime Agency (NCA) cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals.  Cyber crime costs the UK billions of pounds, causes

NCSC Annual Cyber Review in white text, 2023 in white text on a blue background. Background is a tunnel of computer screens (like going through a black hole)

The National Cyber Security Centre looks back at it's key developments and highlights over the last year in it's 2023 annual review. The National Cyber Security Centre (NCSC), a part of GCHQ, is the UK’s technical authority for cyber security.

data breach in orange computer text on a computer screen with computer code

The British Computer Society (BCS) has recently published the biggest data leaks of 2023.  The leaks cover worldwide cyber attacks, but the lessons learned apply to organisations of all types all around the world.  The data breaches include The Guardian Newspaper, LastPass password manager, Royal Mail, MOVEit, Microsoft, The UK Electoral Commission.

Hands typing on a laptop. Laptop screen shows view of the Compliance manager which is part of the Data Protection Education Knowledge Bank portal.

We launched our Schools Best Practice area at the beginning of this term which includes specific guides and support for schools.  There is also a specific area for Trusts and the Central Team.  The Trusts Central Team section is a specific area for additional requirements and guidance for the central team of a trust and should be used in conjunction with the other tabs in the best practice area.  

Dark hooded person working on a laptop with a beam of a padlock and a password field. Be Cyber Aware in white cyber text and the Data Protection Education DPO services badge in the bottom right

Several countries have pledged never to pay cyber criminal ransoms and to collectively work toward disrupting their financial systems.  The members affirmed their joint commitment to building their collective resilience to ransomware.  They will share data on ransomware perpetrators and techniques and establish a blacklist of information about digital wallets used to facilitate rasomware payments.

A digital city with a dome around it showing protection, a white padlock at the top. Cyber resilience in white text. Data Protection Education DPO badge

The NCSC has recently published an article about creating resistant cloud backups as a way to be more resistant to the effects of destructive ransomware.

We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data. 

Be cyber aware in orange text on a blue background above a blue mobile phone, blue key store, blue key and a blue shield with a green tick inside it.

The NSA and CISA Red and Blue teams recently shared the top ten cyber security misconfigurations.  The schools we have worked with that have suffered a cyber attack often find that there are configurations, upgrades or user access controls that were missed.  This advisory highlights all of those and more - these are not in-depth configurations, but often ones that are set up incorrectly and then not checked or updated as time goes by. Although the advisory is aimed at larger organisati

Lettings and Best Practice in Blue text, hand dangling a bunch of keys. Data Protection Education DPO badge in the bottom left

During our data walks we are looking at data breach risks, in terms of 'Who has access to what data?'.  As part of our walk we may ask who has access to the school other than the employees and children attending, for example, Lettings.  As Lettings usually occur outside of the school working day, physical security can be overlooked or not thought about and so raises the risk of a data breach.  This article is launching our Lettings Checklist for schools which is shown at the end o

Childrens hands showing their palms each with a letter from the word 'Safety'. Blue text: "Online Safety Act Becomes Law"

The UK Online Safety Bill became law on Thursday 26th October.  The UK Government says the Online Safety Act will protect people, particularly children, on the internet.  The Act should make social media companies keep the internet safe for children and give adults more choice over what they see online.  Ofcom will immediately begin work on tackling illegal content and protecting children's safety.

  1. October is Cyber Security Awareness Month: 23. Filtering and Monitoring
  2. October is Cyber Security Awareness Month: 22. Hardware: Printers
  3. October is Cyber Security Awareness Month: 21. Hardware: Asset Control
  4. October is Cyber Security Awareness Month: 20. Hardware: Safe disposal
  5. October is Cyber Security Awareness Month: 19. Anti-virus/anti-malware
  6. October is Cyber Security Awareness Month: 18. Regular Updates
  7. October is Cyber Security Awareness Month: 17. Access Control (Users)
  8. October is Cyber Security Awareness Month: 16. Access Control (Wi-Fi/Network access)
  9. October is Cyber Security Awareness Month: 15. Access Control (working from home/off site)
  10. October is Cyber Security Awareness Month: 14. Access Control (MFA)
  11. October is Cyber Security Awareness Month: 13. Awareness
  12. October is Cyber Security Awareness Month: 11. Policies and Procedures
  13. October is Cyber Security Awareness Month: 12. Training
  14. October is Cyber Security Awareness Month: 10. Assess where you are with cyber security
  15. October is Cyber Security Awareness Month: 9. A guide for education providers
  16. October is Cyber Security Awareness Month: 8. How can your school prevent Ransomware attacks?
  17. October is Cyber Security Awareness Month: 7. What does a Ransomware attack on a school look like?
  18. Considerations when migrating to a new MIS
  19. October is Cyber Security Awareness Month: 6. Cyber Action Plan
  20. October is Cyber Security Awareness Month: 5. Responsibilities
  21. October is Cyber Security Awareness Month: 4. What to do in a cyber attack
  22. October is Cyber Security Awareness Month: 3. Data Security
  23. October is Cyber Security Awareness Month: 2. Privacy Protection
  24. October is Cyber Security Awareness Month: 1. Why is cyber security important?
  25. The importance of software updates (PaperCut vulnerability and Rhysida ransomware)
  26. Public bodies and sensitive data
  27. Adding offline bulk training using the Certificates function
  28. Ransomware, extortion and the cyber crime ecosystem
  29. ICO: 10 Step guide to sharing information to safeguard children
  30. Schools under Cyber Attack: September 2023
  31. Cyber Resource: The Cyber Resilience Centre Group
  32. Schools and Trusts Best Practice Area
  33. Email and Security: ICO recent guidance
  34. Help after a Cyber Attack/Incident
  35. Social Media Policy
  36. Data Protection and Cyber Security (Inset Day) Training Ideas
  37. Changes to Microsoft Free Licensing for Schools
  38. What to do in the event of a Cyber Attack
  39. Cyber Crime: AI Generated Phishing Attacks
  40. Handling Freedom of Information Requests the right way
  41. Cyber Attack: Exam Boards
  42. VICE SOCIETY - Ransomware attacks on schools
  43. Using Tags if you are a group of organisations in the DPE Knowledge Bank
  44. Where's Harry the Hacker?
  45. Be Cyber Aware: USB Sticks
  46. Cyber Insurance in the Public Sector
  47. Types of Cyber Attacks: DDos Attack (Microsoft DDoS Attack in June)
  48. Cyber Attack: Manchester University
  49. Cyber Attack: Leytonstone School
  50. The ICO Reprimands a school
  51. Be Cyber Aware: Firewalls
  52. Subject Access Requests (SARs)
  53. Be Cyber Aware: Cyber attacks and transparency. A no blame culture
  54. Cyber Attack: Dorchester School
  55. Knowledge Bank Role Types: Admin, Staff and Trustee
  56. Types of Cyber Attacks: Password Attacks
  57. Be Cyber Aware: Why regular software updates are important
  58. Cyber Security Breaches Survey 2023
  59. World Password Day - May 4th
  60. Cyber Attack: Wiltshire School
  61. Keeping your IT systems safe and secure
  62. Types of Cyber Attacks: DDoS Attacks
  63. Types of Cyber Attacks: Phishing
  64. Types of Cyber Attacks: The Insider Threat
  65. Why your data is profitable to cyber criminals
  66. Using WhatsApp in Schools
  67. The Changes to Data Protection in the UK
  68. Knowledge Bank Updates
  69. Types of malware and how they are linked to data protection
  70. Striking Data Breach
  71. Windows Server 2012 & 2012 R2 Retirement
  72. How to contact us for support, subject access requests, data breaches and FOI's
  73. YouTube breached child protection laws
  74. How a school fought back after a cyberattack
  75. Types of Cyber Attacks - Credential Stuffing
  76. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  77. End of Windows 8.1 Support
  78. Assigning courses to staff using to-dos
  79. How the Record of Processing Can Help You
  80. Information Security Basics: What are VPN's?
  81. What does a Data Protection Officer Do?
  82. Are you ready for a Data Breach?
  83. Blog: Best Practice on the Retention of Child Protection Information
  84. Carrying out Supplier Due Diligence
  85. Email and retention periods
  86. How Long Should You Keep Personal Data For?
  87. The Education sector now at highest risk of cyber attacks
  88. How to Assess your Data Security
  89. Schools Blocked from Using Facial Recognition Systems
  90. Sharing this year’s Nativity play online
  91. A quick introduction to the Phishing Simulation tool
  92. The Children's Code
  93. Recording vaccination of staff
  94. B&H FoI: Racist/religious incidents/bullying
  95. Cyber Attacks
  96. Protocol for Setting Up and Delivery of Online Teaching and Learning
  97. Class Dojo International Data Sharing
  98. Model Publication Scheme: Amendments, Improvements and Updates
  99. Child friendly privacy notices
  100. Transparency
  101. Parents and students covertly recording conversations
  102. SAR? ER? FOI?
  103. Secure file transfer of files using Royal Mail
  104. Emergency contacts and consent
  105. Key elements of a successful DPIA
  106. FOI Publication Schemes
  107. SHARE: Avoid disinformation online
  108. Best Practice for Managing Photos and Video
  109. New Drip Feeds: Recognise and Respond to Subject Access Request
  110. When to contact the Data Protection Officer?
  111. National child measurement programme
  112. Make sure DPE is your registered DPO with the ICO
  113. Compliance Manager released
  114. Headteacher fined for breach of data protection legislation
  115. Emails – good practice and minimising the risk of a data breach
©2024 Data Protection Education Ltd.

Search

  • News