Be Cyber Aware in orange text on a blue computer with Data Protection Education Logo

This article is one in a series of articles about raising cyber awareness in an organisation.  We visit a number of organisations through our data walks and often discuss the use of USB sticks with staff and are told that they are not allowed.  Yet we will see them in use during the walk.  A verbal/written policy is not the same as prevention and detection.  This article will discuss methods for detection and why.

The word cyber insurance in blue on a computer screen with a finger pointing at it

This article is about cyber insurance in the public sector, particularly in relation to schools.  Cyber insurance is a special type of insurance intended to protect businesses from internet-based risks, and more generally risks relating to information technology infrastructure and activities.  It is also known as cyber liability insurance or cyber risk insurance. 

Cyber attack in red text on a computer screen with blue computer code

This article is an article about DDos attacks and is part of a series of articles about different types of cyber attacks. Denial-of-service (DoS) attacks are a type of cyber attack targeting a specific application or website with the goal of exhausting the target system’s resources, which, in turn, renders the target unreachable or inaccessible, denying legitimate users access to the service.

Cyber attack in red text on a computer screen with other random computer text

Manchester University was hit by a cyber attack last week, with the possibility that personal data was stolen by the attacker.  A statement was made on their website by Patrick Hackett, Registrar, Secretary and Chief Operating Officer:

"Regrettably, I have to share with you the news that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house ex

Cyber attack written in computer text on a computer in red

This article is about a recent cyber attack on Leytonstone School.  The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data was accessed.

The school is still closed to all pupils other than those taking their GCSEs because the school currently does not have a single central record (SCR), sometimes referred to as a single central register.  An SCR is a statutory requirement for all schools and academies in E

Blue data breach text on blue cyber background,  and orange reprimand stamp

A reprimand has been issued by the ICO to Parkside Community Primary School in relation to the infringements of Article 5 (1)(f), Article 24 (1) and Article 32 of the UK GDPR. This article discusses the reprimand and looks and what schools can do to avoid this type of breach.

Some of the information in the reprimand document is redacted, but the main details are:
A safeguarding email was shared in the classroom via the electronic whiteboard. The ICO has found that the school

Be Cyber Aware orange text on blue background with cartoon computer devices

This article is about firewalls and how they can help in your plan towards being cyber resilient.

What is a firewall?  Think of a firewall as an intruder detection system for your organisation's network.   It is a virtual barrier between your computer or network and the internet. Its role is to keep an eye on all the incoming and outgoing data, like a security guard watching the entrance to your house or office.  The main purpose of a firewall is to protect your co

Image of a hand holding a phone with a white keyboard and the word 'Access'

As we are in the last part of the school year, this is often the time that we see a rise in the number of Subject Access Requests received by schools.  This article, therefore, covers guidance and support around subject access requests, how to recognise them and how to respond.

What is the right of access? Commonly referred to as a subject access request (SAR), gives someone the right to obtain a copy of their personal information from your organisation.
Do people have to submit a

Blue cyber aware cartoon showing computer and network and Data Protection Education logo

This article is about cyber attacks and data breaches that may go unreported due to the misconceptions about how organisations might respond to them.  The NCSC recently published an article about why transparency around cyber attacks is a good thing for everyone.
The NCSC and the ICO may work on a cyber attack together if an incident brings down a business, severely impacts national services and infrastructure or massively disrupts people's data-to-day lives, however they consider that

coloured computer textm spelling Cyber Attack

A Dorchester school has recently suffered a cyber attack in the form of a Ransomware attack.
Following the attack the school has been left unable to use email or accept payments.
The school is working with the National Cyber Security Centre and the police to resolve the issue. The full article can be read here: https://www.bbc.co.uk/news/uk-england-dorset-65685607
The school remains open, with teaching adapted as needed and exams continuing as planned.

Comment from the

Photo of Data Protection Education Knowledge Bank Dashboard

This article is about the different user types available on the Knowledge Bank and what they have access to.
Details about how to add users onto the Knowledge Bank can be found in the Using the Knowledge Bank Best Practice Library: How to add users to the Knowledge Bank

Hands typing in a password field, showing the password field as asterisks

Malicious threat actors (hackers) are always developing new techniques to breach passwords.  This article lists the different types of password attacks and some defences/counter-measures which can be used to enhance password security.  In our experience, hackers are most successful at accessing school systems unlawfully using these methods.  Passwords continue to be a primary target for cyber criminals seeking unauthorised access to accounts.

Password security is a

Be Cyber Aware: Why regular software updates are important

Hackers and cyber criminals are continuously searching for vulnerabilities in software and systems to exploit for their own malicious gains.  

What are Zero-Day Vulnerabilities

Zero-day vulnerabilities refer to software flaws or weaknesses that are unknown to the software vendor and, consequently, unpatched at the time of discovery by cyber criminals.  These vulnerabilities are security holes that malicious threat actors (hackers) can exploit to gain unauthorised acces

Cyber Security Breaches Survey 2023

The Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy.

The full report is here: Cyber Security Breaches Survey 2023

There is a separate annex published for education institutions, the full report is here: Cyber Security Breaches Survey 2023 Education Institutions Annex

In Summary, the percentage of organisations that have identified breaches or attacks in the last 12 months:

Cyber Attack: Wiltshire School

A Wiltshire secondary school has been severely affected by a targeted attack by hackers who demanded a ransom to restore access to its IT network.  The attack affected the school's local server, its website, internet access, Wi-Fi, printers and internal phone systems.

A full report can be read here: https://www.gazetteandherald.co.uk/news/23476464.hacker-demands-ransom-taking-control-wiltshire-schools/

The school's website was still down several days later.  An updat

Keeping your IT systems safe and secure

The ICO recently published an updated article aimed at small business with tips for IT security - this advice would also be applicable for schools and colleges.  

This table shows the advice from the ICO and how areas of the Data Protection Education Knowledge Bank can help and guide you in those areas. 

ICO Recommendation DPE Knowledge Bank Links  Back up your data    Info/Cyber Security Checklist

 How secure is your se

Types of Cyber Attacks: DDoS Attacks

This article explains what a DDoS attack is and how to manage if your organisation is attacked.

A DoS attack is a denial of service attack.  It occurs when users are denied access to computer services or resources, usually by overloading the service with requests.  Your server or your website will be repeatedly bombarded with requests for information or resources.  This overwhelms the system making it unusable and unavailable.

An attack becomes a 'distributed de

Types of Cyber Attacks: Phishing

This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance.

Phishing is a type of cyber attack in which an attacker tries to trick the victim into giving away sensitive

Types of Cyber Attacks: The Insider Threat

This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance.

The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will

Why your data is profitable to cyber criminals

This article covers ways in which cyber criminals profit from their cyber crimes.  Often we might think our data, if it is not financial, is not interesting or profitable to hackers, so this article discusses the different types of data that are stolen and why.

Financial data is the main data type that we all think of when considering why a hacker might steal information.  Financial data can be sold to various individuals for different purposes. It is not uncommon for t

  1. Using WhatsApp in Schools
  2. The Changes to Data Protection in the UK
  3. Knowledge Bank Updates
  4. Types of malware and how they are linked to data protection
  5. Striking Data Breach
  6. Windows Server 2012 & 2012 R2 Retirement
  7. How to contact us for support, subject access requests, data breaches and FOI's
  8. YouTube breached child protection laws
  9. How a school fought back after a cyberattack
  10. Types of Cyber Attacks - Credential Stuffing
  11. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  12. End of Windows 8.1 Support
  13. Assigning courses to staff using to-dos
  14. How the Record of Processing Can Help You
  15. Information Security Basics: What are VPN's?
  16. What does a Data Protection Officer Do?
  17. Are you ready for a Data Breach?
  18. Blog: Best Practice on the Retention of Child Protection Information
  19. Carrying out Supplier Due Diligence
  20. Email and retention periods
  21. How Long Should You Keep Personal Data For?
  22. The Education sector now at highest risk of cyber attacks
  23. How to Assess your Data Security
  24. Schools Blocked from Using Facial Recognition Systems
  25. Sharing this year’s Nativity play online
  26. A quick introduction to the Phishing Simulation tool
  27. The Children's Code
  28. Recording vaccination of staff
  29. B&H FoI: Racist/religious incidents/bullying
  30. Cyber Attacks
  31. Protocol for Setting Up and Delivery of Online Teaching and Learning
  32. Class Dojo International Data Sharing
  33. Model Publication Scheme: Amendments, Improvements and Updates
  34. Child friendly privacy notices
  35. Transparency
  36. Parents and students covertly recording conversations
  37. SAR? ER? FOI?
  38. Secure file transfer of files using Royal Mail
  39. Emergency contacts and consent
  40. Key elements of a successful DPIA
  41. FOI Publication Schemes
  42. SHARE: Avoid disinformation online
  43. Best Practice for Managing Photos and Video
  44. New Drip Feeds: Recognise and Respond to Subject Access Request
  45. When to contact the Data Protection Officer?
  46. National child measurement programme
  47. Make sure DPE is your registered DPO with the ICO
  48. Compliance Manager released
  49. Headteacher fined for breach of data protection legislation
  50. Emails – good practice and minimising the risk of a data breach

Search