News

The word reprimand in orange in an orange rectangle on a blue background with the word data breach in blue

The ICO has recently published a reprimand for a multi academy trust.  The reprimand was issued in respect of Articles 5 (1) (f) and 32 (1) (b).  An unauthorised third party utilised compromised credentials to access and encrypt their systems.

Lots of computer screens showing different things on a blue background all linked together

The recent update to the Keeping Children Safe in Education Document obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place and regularly review their effectiveness”.

School children wearing blue shirts and grey skirts in a class room

The IAPP recently wrote an article about how organisations and lawmakers are striving to protect the online safety of children and teens in today's advance digital environment.  They find themselves working to solve a 'puzzle' that tries to balance varying legal jurisdictions and cultural considerations.

Hooded person over a computer. Text Cyber Aware. Blue padlock over a username and password. Data Protection Education DPO badge

We have previously reported how the Rhysida Ransomware has focused on attacking the education sector.  Recently the CISA, FBI and MS-ISAC have released a new joint Cyber Security Advisory to disseminate known Rhysida ransomware indicators of compromise, detection methods, tactics, techniques and procedures identified through recent investigations.

man in a blue suit with a blue padlock hovering above his hands. The word governance in white text on a blue background

The Governors and Data Best Practice area has been updated with some new content from the Norfolk and Suffolk Constabularies.  There is a training video: 'Protecting Yourself and Your School from Cybercrime' and a pdf of the slides from the video. There is input for school governors to highlight the risks presented by cyber crime and the resources and support available to help you improve your organisation's cyber security.

Cartoon of a criminal dressed in black with black hat, cyber criminal in orange on their chest, climbing out of a computer carrying a yellow computer folder on their shoulder

As a data protection officer we are seeing a rise in the number of cyber attacks on organisations.  We often find that the fact an actual crime has been committed is sometimes overlooked in the panic and need to recover data and get operations back up and running.  According to the National Crime Agency (NCA) cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals.  Cyber crime costs the UK billions of pounds, causes

NCSC Annual Cyber Review in white text, 2023 in white text on a blue background. Background is a tunnel of computer screens (like going through a black hole)

The National Cyber Security Centre looks back at it's key developments and highlights over the last year in it's 2023 annual review. The National Cyber Security Centre (NCSC), a part of GCHQ, is the UK’s technical authority for cyber security.

data breach in orange computer text on a computer screen with computer code

The British Computer Society (BCS) has recently published the biggest data leaks of 2023.  The leaks cover worldwide cyber attacks, but the lessons learned apply to organisations of all types all around the world.  The data breaches include The Guardian Newspaper, LastPass password manager, Royal Mail, MOVEit, Microsoft, The UK Electoral Commission.

Hands typing on a laptop. Laptop screen shows view of the Compliance manager which is part of the Data Protection Education Knowledge Bank portal.

We launched our Schools Best Practice area at the beginning of this term which includes specific guides and support for schools.  There is also a specific area for Trusts and the Central Team.  The Trusts Central Team section is a specific area for additional requirements and guidance for the central team of a trust and should be used in conjunction with the other tabs in the best practice area.  

Dark hooded person working on a laptop with a beam of a padlock and a password field. Be Cyber Aware in white cyber text and the Data Protection Education DPO services badge in the bottom right

Several countries have pledged never to pay cyber criminal ransoms and to collectively work toward disrupting their financial systems.  The members affirmed their joint commitment to building their collective resilience to ransomware.  They will share data on ransomware perpetrators and techniques and establish a blacklist of information about digital wallets used to facilitate rasomware payments.

A digital city with a dome around it showing protection, a white padlock at the top. Cyber resilience in white text. Data Protection Education DPO badge

The NCSC has recently published an article about creating resistant cloud backups as a way to be more resistant to the effects of destructive ransomware.

We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data. 

Be cyber aware in orange text on a blue background above a blue mobile phone, blue key store, blue key and a blue shield with a green tick inside it.

The NSA and CISA Red and Blue teams recently shared the top ten cyber security misconfigurations.  The schools we have worked with that have suffered a cyber attack often find that there are configurations, upgrades or user access controls that were missed.  This advisory highlights all of those and more - these are not in-depth configurations, but often ones that are set up incorrectly and then not checked or updated as time goes by. Although the advisory is aimed at larger organisati

Lettings and Best Practice in Blue text, hand dangling a bunch of keys. Data Protection Education DPO badge in the bottom left

During our data walks we are looking at data breach risks, in terms of 'Who has access to what data?'.  As part of our walk we may ask who has access to the school other than the employees and children attending, for example, Lettings.  As Lettings usually occur outside of the school working day, physical security can be overlooked or not thought about and so raises the risk of a data breach.  This article is launching our Lettings Checklist for schools which is shown at the end o

  1. ICO Reprimand: company suffered a ransomware attack
  2. The UK Online Safety Bill becomes an Act (Law)
  3. Considerations when migrating to a new MIS
  4. The importance of software updates (PaperCut vulnerability and Rhysida ransomware)
  5. Public bodies and sensitive data
  6. Adding offline bulk training using the Certificates function
  7. Ransomware, extortion and the cyber crime ecosystem
  8. ICO: 10 Step guide to sharing information to safeguard children
  9. Schools under Cyber Attack: September 2023
  10. Cyber Resource: The Cyber Resilience Centre Group
  11. Email and Security: ICO recent guidance
  12. Help after a Cyber Attack/Incident
  13. Social Media Policy
  14. Data Protection and Cyber Security (Inset Day) Training Ideas
  15. Changes to Microsoft Free Licensing for Schools
  16. What to do in the event of a Cyber Attack
  17. Cyber Crime: AI Generated Phishing Attacks
  18. Handling Freedom of Information Requests the right way
  19. Cyber Attack: Exam Boards
  20. VICE SOCIETY - Ransomware attacks on schools
  21. Using Tags if you are a group of organisations in the DPE Knowledge Bank
  22. Where's Harry the Hacker?
  23. Be Cyber Aware: USB Sticks
  24. Cyber Insurance in the Public Sector
  25. Types of Cyber Attacks: DDos Attack (Microsoft DDoS Attack in June)
  26. Cyber Attack: Manchester University
  27. Cyber Attack: Leytonstone School
  28. The ICO Reprimands a school
  29. Be Cyber Aware: Firewalls
  30. Subject Access Requests (SARs)
  31. Be Cyber Aware: Cyber attacks and transparency. A no blame culture
  32. Cyber Attack: Dorchester School
  33. Knowledge Bank Role Types: Admin, Staff and Trustee
  34. Types of Cyber Attacks: Password Attacks
  35. Be Cyber Aware: Why regular software updates are important
  36. Cyber Security Breaches Survey 2023
  37. Cyber Attack: Wiltshire School
  38. Keeping your IT systems safe and secure
  39. Types of Cyber Attacks: DDoS Attacks
  40. Types of Cyber Attacks: Phishing
  41. Types of Cyber Attacks: The Insider Threat
  42. Why your data is profitable to cyber criminals
  43. Using WhatsApp in Schools
  44. The Changes to Data Protection in the UK
  45. Knowledge Bank Updates
  46. Types of malware and how they are linked to data protection
  47. Striking Data Breach
  48. Windows Server 2012 & 2012 R2 Retirement
  49. How to contact us for support, subject access requests, data breaches and FOI's
  50. YouTube breached child protection laws
  51. How a school fought back after a cyberattack
  52. Types of Cyber Attacks - Credential Stuffing
  53. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  54. End of Windows 8.1 Support
  55. Assigning courses to staff using to-dos
  56. How the Record of Processing Can Help You
  57. Information Security Basics: What are VPN's?
  58. What does a Data Protection Officer Do?
  59. Are you ready for a Data Breach?
  60. Blog: Best Practice on the Retention of Child Protection Information
  61. Carrying out Supplier Due Diligence
  62. Email and retention periods
  63. How Long Should You Keep Personal Data For?
  64. The Education sector now at highest risk of cyber attacks
  65. How to Assess your Data Security
  66. Schools Blocked from Using Facial Recognition Systems
  67. Sharing this year’s Nativity play online
  68. A quick introduction to the Phishing Simulation tool
  69. The Children's Code
  70. Recording vaccination of staff
  71. B&H FoI: Racist/religious incidents/bullying
  72. Cyber Attacks
  73. Protocol for Setting Up and Delivery of Online Teaching and Learning
  74. Class Dojo International Data Sharing
  75. Model Publication Scheme: Amendments, Improvements and Updates
  76. Child friendly privacy notices
  77. Transparency
  78. Parents and students covertly recording conversations
  79. SAR? ER? FOI?
  80. Secure file transfer of files using Royal Mail
  81. Emergency contacts and consent
  82. Key elements of a successful DPIA
  83. FOI Publication Schemes
  84. SHARE: Avoid disinformation online
  85. Best Practice for Managing Photos and Video
  86. New Drip Feeds: Recognise and Respond to Subject Access Request
  87. When to contact the Data Protection Officer?
  88. National child measurement programme
  89. Make sure DPE is your registered DPO with the ICO
  90. Compliance Manager released
  91. Headteacher fined for breach of data protection legislation
  92. Emails – good practice and minimising the risk of a data breach
©2024 Data Protection Education Ltd.

Search

  • News