InfoSec / Cyber

The word cyber insurance in blue on a computer screen with a finger pointing at it

This article is about cyber insurance in the public sector, particularly in relation to schools.  Cyber insurance is a special type of insurance intended to protect businesses from internet-based risks, and more generally risks relating to information technology infrastructure and activities.  It is also known as cyber liability insurance or cyber risk insurance. 

Cyber attack in red text on a computer screen with blue computer code

This article is an article about DDoS attacks and is part of a series of articles about different types of cyber attacks. Denial-of-service (DoS) attacks are a type of cyber attack targeting a specific application or website with the goal of exhausting the target system’s resources, which, in turn, renders the target unreachable or inaccessible, denying legitimate users access to the service.

Cyber attack written in computer text on a computer in red

This article is about a recent cyber attack on Leytonstone School.  The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data was accessed.

The school is still closed to all pupils other than those taking their GCSEs because the school currently does not have a single central record (SCR), sometimes referred to as a single central register.  An SCR is a statutory requirement for all schools and academies in England and Wales to keep and maintain one single record of pre-appointment vetting checks, regulated activity and recording information of all staff. The record is normally kept up to date by a member of the admin staff, but overall responsibility lies with governors (or equivalent) and delegated to headteachers.  It is an essential safeguarding document and must be maintained, reviewed and audited on a regular basis.  It will probably be one of the first documents that Ofsted will ask to see.  Any guidance relating to the SCR should also be read in conjunction with the current version of the Keeping Children Safe in Education (KCSIE) document.

There is no defined format for the SCR and most schools hold it electronically as a password protected Excel document.  As well as employees, it should also include:

  • any volunteer who is in regulated activity
  • people brought into the school to provide regular additional teaching or instruction but who are employed by another organisation such as peripatetic music teachers, sports coaches etc.
  • supply teachers
  • contract staff such as cleaners or caterers
  • Governors
  • Members of the proprietor body (trustees or directors) in independent schools including academies

As a result of the cyber attack at Leytonstone School there is also no WiFi and phone system, but it is the missing SCR that prevents the school from opening.  Our advice would be to always ensure there are secure offsite (cloud) backups of essential files, in addition to local backups.  The security of the SCR should be part of the school's business plan which should be discussed regularly at governing body meetings.  Review:  alongside Governors and Data Best Practice Area to understand how governor responsibilities relate to business continuity and cyber strategy.

View our Information & Cyber Security Best Practice Library for cyber help and guidance.

Download our Business Continuity Template.

We would also recommend viewing the National Cyber Security's pages that provide cyber security advice for schools, which includes free training: NCSC Cyber Security training for schools.
We provide additional Cyber Security Training: How to avoid a data breach: Information and Cyber security.

Further details about what has happened at the school can be viewed in this article by the Evening Standard: Leytonstone School forced to close after IT system hacked.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

Be Cyber Aware orange text on blue background with cartoon computer devices

This article is about firewalls and how they can help in your plan towards being cyber resilient.

What is a firewall?  Think of a firewall as an intruder detection system for your organisation's network.   It is a virtual barrier between your computer or network and the internet. Its role is to keep an eye on all the incoming and outgoing data, like a security guard watching the entrance to your house or office.  The main purpose of a firewall is to protect your computer or network from harm.  It helps to prevent unauthorised access, like hackers. It also helps to stop viruses, malware or other malicious software from infecting your system.  It acts as a shield, keeping your personal and sensitive information safe.

Your firewall may be managed by your IT or internet provider.  Often they will be at default settings, so it is good to ask your provider about the following:

  • Have functions, accounts and services not needed been disabled or removed?
  • Has the default password been changed and only shared with authorised personnel?
  • Has access to the admin interface from the internet been prevented - unless there is a clear and documented business need?
  • Is the admin interface protected by multi factor authentication?

Setting up a firewall can be a complex task but is often provided by your IT support or internet provider.

What kind of rules should be set?

  • Outgoing connections should be allowed - this allows you to browse the internet.
  • Unauthenticated inbound connections should be blocked.
  • Firewall rules should be approved and documented by the authorised individual for specific services which should be regularly reviewed.
  • Permissive firewall rules should be removed or disabled when they are no longer needed.
  • Access should be restricted to certain ports and regularly reviewed.
  • Specific IP addresses or ranges should be filtered and regularly reviewed.
  • Logging should be enabled.


Further guidance for schools can be found in the DFE document: Cyber Security Standards for Schools and Colleges.  The document discusses the importance of firewalls and how they make scanning for suitable hacking targets much harder - hackers will always try to find the easiest route for an attack so making it difficult makes an attack less likely.

Further help and advice can be found in our Information & Cyber Security Best Practice Library and further questions to ask can be found in our Information/Cyber Security Checklist.  The checklist covers the following areas:

  • Governance and policies
  • IT checks
  • Physical Checks


Firewalls also have vulnerabilities and hackers will always try to exploit vulnerabilities as discussed in this Computing article: Major firewall maker alerts customers to vulnerabilities.

Consider the use of secure methods and organisational devices for staff required to work from home.  Review our Work out of school Best Practice Area. Ensure that there is secure remote access, especially if a school server needs to be accessed.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

Blue cyber aware cartoon showing computer and network and Data Protection Education logo

This article is about cyber attacks and data breaches that may go unreported due to the misconceptions about how organisations might respond to them.  The NCSC recently published an article about why transparency around cyber attacks is a good thing for everyone.
The NCSC and the ICO may work on a cyber attack together if an incident brings down a business, severely impacts national services and infrastructure or massively disrupts people's data-to-day lives, however they consider that a large number of attacks may go unreported.  The article talks about a number of myths:

Myth 1 - If I cover up an attack everything will be OK - of course it won't.  Every successful cyber attack that is hushed up, with no investigation or information sharing, makes other attacks more likely because no one learns from it.  Keeping your cyber incident a secret doesn't help anyone except the criminals.

Myth 2 - Reporting to the authorities makes it more likely the incident will go public.  Your confidentiality will be respected and both the NCSC and ICO don't proactively make information public, or share it with regulators without your consent.  Remember your regulatory responsibilities.

Myth 3 - Paying the ransom quickly to get the decryption key and restore services doesn't always help.

Myth 4 - I've got offline backups, I won't need to pay a ransom.

Myth 5 - If there is no evidence of data theft, you don't need to report to the ICO.  You should always start from the assumption that it has been taken.

Myth 6 - You'll only get a fine if your data is leaked.  This isn't necessarily the case.  A personal data breach is more than just a loss of data.

The full report is here: Why more transparency around cyber attacks is a good thing for everyone

We would always encourage staff to report any cyber attacks and data breaches. Visit our Information & Cyber Security Best Practice Library for support and guidance. Raise awareness with staff through training, posters and discussion.  Having a 'no blame' culture will encourage staff to report issues.
Ensure you have a Cyber Response Plan: Cyber Response Processes.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

coloured computer textm spelling Cyber Attack

A Dorchester school has recently suffered a cyber attack in the form of a Ransomware attack.
Following the attack the school has been left unable to use email or accept payments.
The school is working with the National Cyber Security Centre and the police to resolve the issue. The full article can be read here: https://www.bbc.co.uk/news/uk-england-dorset-65685607
T
he school remains open, with teaching adapted as needed and exams continuing as planned.

Comment from the headteacher:

A message from the headteacher, Nick Rutherford, to parents said:

“We are in liaison with our school Data Protection Officer and this data breach has been reported to the Information Commissioners Office (ICO) in line with requirements of the Data Protection Act 2018/GDPR. Every action has been taken to minimise disruption and data loss.

“The school will be working with Wessex Multi-Academy Trust, IT team and other relevant third parties (Department for Education, National Cyber Security Centre and police) to restore functionality and normal working as soon as possible.

“I appreciate that this will cause some problems for parents/carers with regards to school communications and apologise for any inconvenience. Please use the telephone absence line to report student absence, as staff cannot currently receive emails. Please also telephone the school should you wish to report any concerns or speak to a member of staff."
Quote source: https://planetradio.co.uk/greatest-hits/dorset/news/dorchester-school-cyber-attack/

Prof Alan Woodward, from the University of Surrey, has previously said schools are a "soft target". 

"IT is not their core business, they don't have big IT teams, and if they're all using standard software and a vulnerability is found in it, then the criminals will quite quickly realise that.

"The advice is never to pay. It sounds like a quick way out, but the prices are extortionate, and you're painting a big target on your back.

"Hackers sell what they call 'suckers lists' on the dark web, where they say 'these people will pay up', and often it can lead to further attacks," he added.

Data Protection Education are working with schools and trusts to build cyber resilience with data protection in mind:

View our Information & Cyber Security Best Practice Library for cyber help and guidance.

Download our Business Continuity Template.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

Hands typing in a password field, showing the password field as asterisks

Malicious threat actors (hackers) are always developing new techniques to breach passwords.  This article lists the different types of password attacks and some defences/counter-measures which can be used to enhance password security.  In our experience, hackers are most successful at accessing school systems unlawfully using these methods.  Passwords continue to be a primary target for cyber criminals seeking unauthorised access to accounts.

Password security is a shared responsibility and proactive measures can go a long way in preserving online safety.

  1. Brute Force Attacks - involve systematically attempting all possible combinations of characters until the correct password is discovered.  Ways to mitigate brute force attacks are account lockouts or measures like CAPTCHA to slow the repeated login attempts down.
  2. Dictionary Attacks - the attacker uses a precompiled list of commonly used passwords, dictionary words, and known phrases.  By systematically trying each entry, they can gain access to an account.  Counter measures would include enforcing strong password policies, such as password complexity requirements.
  3. Phishing Attacks - involve the hacker tricking users into revealing their passwords through fraudulent means.  Attackers typically send deceptive emails, masquerade as legitimate organisations or create fake login pages to steal user credentials. To combat phishing attacks, individuals should be cautious while opening emails, double-check the authenticity of the websites and enable multi factor authentication to add an extra layer of protection.  View our article: A guide to multi-factor authentication.  Run a phishing campaign through our Knowledge Bank (which all our customers have access to).
  4. Keylogger Attacks - are malicious software of hardware devices designed to record a user's keystrokes, including passwords.  These captured keystrokes are then transmitted to the attacker for analysis.  To prevent keylogger attacks maintain up-to-date antivirus software, avoid downloading files from untrusted sources and use virtual keyboards when entering passwords on public computers.
  5. Rainbow Table Attacks - attackers use precomputed tables containing a vast number of password hashes and their corresponding plain text passwords. by comparing the stolen password hashes with the entries in the table, they can rapidly discover the original passwords.  Implementing robust cryptographic techniques can effectively mitigate rainbow table attacks.
  6. Credential Stuffing - exploits the fact that many users reuse passwords across multiple platforms.  Attackers obtain username-password combinations from data breaches on other websites and systematically try them on other platforms.  To combat credential stuffing, users must adopt unique passwords for each service and utilise password managers to generate and store complex passwords securely.

Defences and Counter-Measures

  • Use a complex password and multi factor authentication
  • Lock accounts after a number of successful attempts
  • Check your physical hardware
  • Run a virus scan
  • Monitor your account compromises. Use haveibeenpawned.com to check whether your email address is connected to any recent leaks and so vulnerable.
  • Enable encryption on your router
  • Use a VPN

Use our Password Checklist to see how robust your password policies and procedures are.

Further guidance from the NCSC about passwords: Password Policy: updating your approach.

Visit our Password Best Practice Library for help and guidance.

Read our article about passwords: Passwords - simplifying the approach.

ICO Password guidance: Passwords in online services.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

Be Cyber Aware: Why regular software updates are important

Hackers and cyber criminals are continuously searching for vulnerabilities in software and systems to exploit for their own malicious gains.  

What are Zero-Day Vulnerabilities

Zero-day vulnerabilities refer to software flaws or weaknesses that are unknown to the software vendor and, consequently, unpatched at the time of discovery by cyber criminals.  These vulnerabilities are security holes that malicious threat actors (hackers) can exploit to gain unauthorised access to systems, steal sensitive information, disrupt services, or execute malicious code.

The term 'zero-day' signifies that software developers have zero days to respond to the vulnerability before cyber criminals potentially exploit it.  Once a zero-day vulnerability is exploited, it becomes known to the software vendor, and they can begin developing a security patch or update to fix the flaw.

The Dangers of Zero-Day Vulnerabilities

  1. Undetectable Attacks: Since zero-day vulnerabilities are unknown to the software vendor, they lack the necessary security measures to detect or prevent such attacks. Cybercriminals can infiltrate systems undetected, increasing the potential for data breaches and compromising privacy.

  2. Targeted Exploitation: Zero-day vulnerabilities are highly sought after by skilled hackers and state-sponsored cyber espionage groups. These sophisticated attackers can exploit the vulnerabilities for targeted attacks against specific organizations or individuals, amplifying the potential damage.

  3. Expanding Attack Surface: With the increasing interconnectedness of devices and the rise of the Internet of Things (IoT), the attack surface for zero-day vulnerabilities is expanding rapidly. From smartphones and laptops to smart home devices and critical infrastructure, any system connected to the internet can be susceptible to such attacks.

The Importance of Updates

Software updates play a pivotal role in countering the risks posed by zero-day vulnerabilities. Here's why regular updates are crucial:

  1. Patching Vulnerabilities: Updates often contain security patches that address known vulnerabilities, including zero-day exploits. By promptly installing updates, users ensure that the latest protections are in place, reducing the likelihood of successful attacks.

  2. Enhanced Security Measures: Updates not only patch vulnerabilities but also improve overall security measures. Developers continually refine their software to strengthen defenses against emerging threats, ensuring users have access to the most robust security features available.

  3. Stay Ahead of Cyber Criminals: Software vendors constantly monitor and analyze threats to identify vulnerabilities. Regular updates allow vendors to respond swiftly to emerging risks, closing security gaps before cybercriminals can take advantage of them.

  4. Protecting Personal Data: Updating software helps protect sensitive information, including personal data, financial details, and login credentials. Neglecting updates could expose users to identity theft, financial fraud, and other forms of cybercrime.

  5. Maintaining System Stability: Updates not only address security concerns but also improve system performance and stability. Regular updates ensure that software operates efficiently, reducing the risk of crashes, freezes, or other malfunctions that could be exploited by attackers.

Important information for schools:  you may need to check with your IT provider that they are regularly updating your network and systems as part of their regular maintenance routines.  Ensure you have allowed enough time for them to do this each week.

Microsoft Patch Tuesday

Microsoft fixes three zero-days in May 2023 Patch Tuesday

Cyber Checks

Complete our Information/Cyber Security Checklist to get a graphical (RAG) view of where your organisation is with Cyber Security.

Further information about zero-day vulnerabilities can be found here: NCSC Understanding Vulnerabilities.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

 

 

Cyber Attack: Wiltshire School

A Wiltshire secondary school has been severely affected by a targeted attack by hackers who demanded a ransom to restore access to its IT network.  The attack affected the school's local server, its website, internet access, Wi-Fi, printers and internal phone systems.

A full report can be read here: https://www.gazetteandherald.co.uk/news/23476464.hacker-demands-ransom-taking-control-wiltshire-schools/

The school's website was still down several days later.  An update a few days later was published here: https://www.gazetteandherald.co.uk/news/23484633.hardenhuish-school-cyber-attack-update-hackers-demand-ransom/

In the BBC report cyber expert, Prof Alan Woodward, from the University of Surrey, said schools are a "soft target". 

"IT is not their core business, they don't have big IT teams, and if they're all using standard software and a vulnerability is found in it, then the criminals will quite quickly realise that.

"The advice is never to pay. It sounds like a quick way out, but the prices are extortionate, and you're painting a big target on your back.

"Hackers sell what they call 'suckers lists' on the dark web, where they say 'these people will pay up', and often it can lead to further attacks," he added.

The full BBC Report can be found here: https://www.bbc.co.uk/news/uk-england-wiltshire-65411450

View our Information & Cyber Security Best Practice Library for cyber help and guidance.

Download our Business Continuity Template.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

 

Keeping your IT systems safe and secure

The ICO recently published an updated article aimed at small business with tips for IT security - this advice would also be applicable for schools and colleges.  

This table shows the advice from the ICO and how areas of the Data Protection Education Knowledge Bank can help and guide you in those areas. 

ICO Recommendation DPE Knowledge Bank Links
 Back up your data
 

 How secure is your server?

 Use strong passwords and multi-factor authentication

 Password Best Practice Library

 A Guide to Multi Factor Authentication

 Password Security Learning Nugget

  Be aware of your surroundings

 Information & Cyber Security Best Practice Library

 How to avoid a data breach: Information and Cyber Security Training Course

 Be way of suspicious emails

 Phishing Simulation

 Types of Phishing News Articles

 NCSC Cyber Security Training for School Staff

 Install anti-virus and malware protection

 Information & Cyber Security Best Practice Library

 Protect your device when it's unattended

 Information & Cyber Security Best Practice Library

 Physical Security

 Physical Security Learning Nugget

 Make sure your Wi-Fi connection is secure  Info/Cyber Security Checklist
 Limit access to those who need it

 Info/Cyber Security Checklist

Acceptable Use

 Take care when sharing your screen

 Working At Home Learning Nugget

 Working Out of School Best Practice Library

 Don't keep data for longer than you need it

 Records Management Best Practice Library

 Dispose of old IT equipment and records securely

 Info/Cyber Security Checklist

The full ICO article is here:  11 Practical Ways to Keep Your Systems Safe And Secure

Further ICO Password guidance: Passwords in online services

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

 

 

Why we recommend using PIN codes on printers

This article explains why we recommend using PIN codes on printers and how it reduces the risk of a data breach - this recommendation often comes about after a Making the Rounds visit to your site.

Using PIN codes on printers provide several data protection benefits:

  1. Prevent unauthorised access: By requiring a PIN code to access the printer, you can prevent unauthorised individuals from printing sensitive documents or accessing the printer's configuration settings.  It ensures that only employees have access relevant to their role.

  2. Protect confidential information: If you are printing confidential documents, PIN codes can ensure that only authorised individuals can access the printed material. This can help protect against the accidental disclosure of sensitive information and minimise the risk of a data breach.

  3. Control printer usage: PIN codes can also be used to control who can use the printer and when. For example, you can assign different PIN codes to different departments or individuals and track who is using the printer and when. This can help you better manage printer usage and reduce costs.  

  4. Secure printing: Many printers offer a feature called secure printing, which requires a PIN code to be entered before the printer will release the document. This can help ensure that confidential documents are not left unattended in the printer tray for others to see, again minimising the risk of a data breach.

Overall, PIN codes on printers can provide an additional layer of security to protect against unauthorised access to sensitive information and help you better manage printer usage.

The steps to set up PIN codes on a printer may vary depending on the printer model and manufacturer, but is something that your IT provider/technician should be able to implement.  There are both software and hardware solutions.

Once PIN codes have been created ensure that staff receive this information in a secure and confidential way and follow the same guidance used for protecting their passwords, such as not writing it down or sharing it : Passwords Best Practice Area

Consider also how confidential waste is stored/disposed of.  If it is stored prior to external destruction make sure it is securely stored in secure bins or in a confidential waste bag in a locked cupboard.  Avoid the temptation to leave recycling paper in boxes even if not confidential - often this is a data breach risk when confidential data gets mixed with class resources.  Confidential waste bags and boxes must be kept as securely as befits the documents they hold.

We would also recommend visiting our Information & Cyber Security Best Practice Area for further advice about protecting data and systems.

If you would like to book a 'Making the Rounds' visit with one of our school consultants please contact us: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

 

Types of Cyber Attacks: DDoS Attacks

This article explains what a DDoS attack is and how to manage if your organisation is attacked.

A DoS attack is a denial of service attack.  It occurs when users are denied access to computer services or resources, usually by overloading the service with requests.  Your server or your website will be repeatedly bombarded with requests for information or resources.  This overwhelms the system making it unusable and unavailable.

An attack becomes a 'distributed denial of service' (DDoS) when it comes from multiple devices.  This is the most common form of DoS attack on websites.

Further information from the NCSC about DDoS attacks can be found here: DoS Guidance NCSC

How does this affect schools/organisations?

Your organisation may be attacked even if you do not have a high profile website.  Your organisation's website might be attacked or your server or systems.

Hampshire Alert recently posted an increase in the volume of attacks: Increase in DDoS attacks

DDoS-for-hire services are now openly available online, which makes it a relatively cheap and easy type of cyber attack.

View our Cyber/Information Security Best Practice Area for more guidance and checklists about Information and Cyber security.

How do we know if we are being attacked?

  • If your website is suddenly unavailable.
  • Small attacks over time (check system event logs).
  • The attack may be a distraction for other cyber crimes or fraud.  Attackers may use this as a way to check your system's vulnerabilities as a way to prepare for another type of attack at a later date.

Further information can be found at: Action Fraud

How to prevent a DDoS attack?

Generally, these types of attacks are prevented by having modern and robust cyber security tools in place.

The NCSC have a downloadable document explaining how to prepare for such attacks: Prepare for denial of service (DoS) attacks

Aside from the technical aspects of protecting systems, it is always recommended to have a cyber response and business continuity plan in place.  Ensure all staff know what to do in the even of a cyber attack. 

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

Search