COMPUTING & IT RESOURCES
immediate issues due to staff and students having to work and learn from home, but there are also multiple risks from the leaked data, which could include personal details and email addresses. A data breach or cyber attack can create huge long-lasting problems with trust and reputation for the school or college.
While the Cyber Essentials certificate is not mandatory for education, it is a good idea to have one. This creates standards for every person and every device within the college, as well as an awareness of cyber security.
The Cyber Security Breaches Survey 2024 found there was a high awareness of the Cyber Essentials Certification for further education and higher education (91% and 97% respectively). However, awareness of the certification scheme was much lower in schools, with only 20% of primary schools and 51% of secondary schools having heard of it. The NWCRC has developed a set of recommendations for the education sector to bolster their defences against cyber attacks. They also work with several educational institutions in the North West to conduct Simulated Phishing Exercises and cyber security training for staff.
Cyber security training and awareness for every employee - It’s really important to ensure all staff have cyber security training, specifically around identifying phishing attempts and keeping basic cyber hygiene. A single click on a link in one phishing email can lead to a much larger malware attack. Also consider training for students of any age: this will help protect you, but also give them important life skills to protect themselves.
Secure passwords and multi-factor authentication (MFA) - Make sure all staff and students are forced to use secure and complex passwords and are prompted to change passwords regularly. Passwords should not be written down anywhere at all. Enforce MFA for accounts wherever possible; it will provide a valuable barrier which can prevent many common attacks.
Update software regularly - All staff need to make sure that software on their laptops, computers and other devices is updated regularly and whenever prompted. This is to ensure that fraudsters cannot take advantage of weaknesses in the software.
Securing privileged accounts with extra security - Take extra steps to consider added security around privileged accounts and restrict accounts for anyone who does not need access to certain areas or programmes. This could include adding multi-factor authentication to any accounts that have access to finance and the ability to transfer money.
Closing dormant accounts - Leaving open accounts for staff or students who are no longer at the college can create an opportunity for a cyber attacker. It’s really important to keep on top of which accounts should be active and which accounts should be closed down.
Cyber Essentials - We would recommend that all educational establishments have the Cyber Essentials and Cyber Essentials Plus certification.
Cyber Incident Response Plan - It’s really important to have a Cyber Incident Response Plan in place that is updated regularly. The plan should include a series of steps that would be implemented in the case of any cyber breach, which include steps for the IT department, communication and escalation steps as well as a wider communication plan with stakeholders. It would also outline reporting obligations as an FE college.
Reporting - If a school or college experiences a cyber breach, it should be reported to Action Fraud. They also provide a 24-hour service for organisations suffering a live attack via 0300 123 2040. They will coordinate support from local police depending on the incident. If the cyber attack involves a data breach, you should consider the need to make a report to the Information Commissioner’s Office.
Overall, the key message from the NWCRC and the National Cyber Security Centre (NCSC) is that the importance of having a robust cyber security strategy, training and protocol in place cannot be overstated.
The NCSC website offers valuable resources and guidance for schools on cyber security. Educational institutions are strongly encouraged to utilise these resources to strengthen their defences and stay informed about the latest threats.
For more information, visit:
https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools
www.nwcrc.co.uk
www.education-today.co.uk
September 2024