With the increase in cyber crime against schools in the UK, we are focusing on what can be done to help prevent cyber crime in a way that is manageable for school budgets.
Previously we reported on the rise in cyber attacks against schools in the UK in 2022:
https://dataprotection.education/infosec/301-vice-society-ransomware-attacks-on-schools
How can schools help prevent cyber attacks?
1. Training and Awareness to build a defence - first and foremost, training of staff is the best way to prevent a cyber attack. Making people aware and having them follow best practices is a way to build a defence. Provide training for staff through specific courses or posters for awareness:
https://dataprotection.education/courses-heading/stay-safe-online-ncsc
https://dataprotection.education/best-practice-library/documents/drip-feeds
Raise awareness of phishing as this is the easiest way for threat actors (hackers) to obtain login information:
https://dataprotection.education/member-dashboard/campaigns-list/campaigns?filter[tags]=
Set up Multifactor Authentication:
2. Best Practices that build security - have a good password policy that enforces complexity and general data governance controls, and teach staff how to keep their passwords safe:
https://www.hipaajournal.com/world-password-day/
https://dataprotection.education/courses-heading/password-security
https://dataprotection.education/best-practice-library/best-practice/passwords
3. Technology Defences - move to the cloud where possible. Implement security solutions, specifically those securing access and identity through preventative controls. Ensure all devices are running the latest security patches. Backup, backup, backup - and practice a restore:
https://dataprotection.education/best-practice-library/best-practice/information-security
https://www.ecpi.edu/blog/how-can-cloud-computing-improve-security
4. Know what to do when attacked - plan out your response and recovery capability. Ensure that the right people and decision makers are well versed and organised from the outset. Don't forget that you might need to report a cyber attack to your data protection officer and the ICO:
https://drive.google.com/file/d/11-O0OQXC8JQleE7HEIqWVR_mYWJUI8l4/preview
https://www.gov.uk/guidance/where-to-report-a-cyber-incident
LGFL provide lots of free support and guidance for schools:
https://national.lgfl.net/security/protectionlayers
as do the NCSC:
https://www.ncsc.gov.uk/cyberaware/home#section_2
https://www.ncsc.gov.uk/blog-
Further reading about The Enduring Impact of Cyber Crime: https://www.computing.co.uk/opinion/4062886/enduring-impact-cyber-crime?utm_id=f7e361e105abf1b25b32d48ad84e6ece&utm_term=&utm_campaign=CTG%20Daily%20V2&utm_content=%0A%20%20%20%20%20%20%20%20The%20enduring%20impact%20of%20cyber%20crime%0A%20%20%20%20%20%20&utm_medium=email&utm_source=CTG%20newsletters%20V2