News

October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Four: What to do if you suffer a cyber attack

October is Cyber Security  Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Three: Data Security

October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Two: Privacy Protection.

October is Cyber Security Awareness Month, and while we don't think that cyber Security  awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.

While we are focusing on cyber security and cyber resilience in October, Ofqual is reminding schools and colleges of the importance of cyber security after a poll highlighted the risks associated with poor cyber hygiene.

We are often asked for advice on where to search for information and data when you receive an information request. The ICO has published a checklist with guidance.

Sadly, we are letting you know about another cyber attack on a group of schools in Blackpool in the second week of term.

📢 We would like to announce that Data Protection Education are sponsoring the data protection discussion forum with the Association of Network Managers in Education.

A high school in south London was closed for the first part of this term due to a ransomware attack.  Students were sent home advising parents that the school would be closed for three days while all staff devices were 'cleansed'.

If  your organisation posts on social media channels, then please follow us for more content!

Another school has been hit by a cyber attack, this time in Canvey Island, Essex, who say the cyber attack happened during the summer holidays.

Schools are back in full swing, and so is our work at Data Protection Education! This week, we’ve been busy with data walks, on-site training, and booking meetings across various schools to ensure data protection standards are up to date and effective.

We've published a new e-learning module for 2024 data protection training.

🛡️✅ Gone are the days when cyber security issues meant accidentally downloading a virus, it has grown to mean so much more, where data and identities are stolen, fraud is committed and businesses can be shut down from a cyber attack.  With that in mind we have created a cyber security best practice area to help guide and support your data protection compliance.

The data protection officer is mentioned many times in the DfE Digital Standards for Schools and Colleges as someone that should either be informed or consulted with.  As part of that consultation process, we would like to announce our new DfE Digital Standards for Schools and Colleges Tracker.

We are launching a new best practice area which has all the policies, documents and posters in one place.  You can find this page in our main best practice area:

We've put all the specific school and trust related data protection guides, documents and queries into one area to make it easier for you.

We recognised that a number of our customers needed a generic retention schedule to help get them started with their records management.

We've updated our 'Making the Rounds', data walk, to include some central processes that should be included in data protection and cyber security compliance:

An update this week from the ESFA has reported a change in requirements regarding IT security for colleges and special post-16 institutions (SPIs).

The ICO have issued a reprimand to a school that did not follow due diligence when introducing facial recognition technology (FRT).

The recent news has been full of the global IT outage that affected many systems over the weekend, including airlines and patient access.  Although the incident was not caused by a cyber attack, it is important to note that it was a cyber incident which affects everyone.

A cyber incident is an event with threatens the confidentiality, integrity or availability of information systems, networks or the information they contain.

Review our previous article: What's a Cyber

Plans for the new government to introduce legislation for cyber security, digital and data were outlined in the King's speech on 17 July 2024.

We've updated our end of term and end of year guidance, alongside advice for privacy considerations for special occasions (which also normally occur at the end of term).

Ageing and out of date technology is an every day challenge for most schools and small businesses, but is there a risk?

We are asked a lot about retention schedules and keeping file when a pupil moves onto another school.  
This short video explains the basics behind data retention and the implications of keeping data for longer than required.



  Knowledge Bank
We have a retention schedule on our Knowledge Bank portal where you can check the retention period for all types of files in  your organisation.

Visit our Records Management Best Pract

This article is for all schools, colleges and multi academy trusts as a first step towards looking at the DfE Digital Standards for Schools and Colleges.

This article discusses what a cyber incident is and what you should do if you experience one.  The important thing to note is that this isn't a full-blown cyber attack, but you should still go through various reporting and risk management processes.

We've been asked by some of our customers what they need to consider when thinking about using AI to improve job efficiency as a time saving exercise or part of CPD, so staff related.
This article puts together some available resources as an initial step.

Unfortunately, a school has declared a 'significant critical incident' after it was targeted in a cyber attack.