Wednesday 21 Apr 2021 @ 15:25
National Cyber Security Centre
Printable version

School staff offered training to help shore up cyber defences

New cyber security training resource for the schools sector to improve cyber resilience.

  • Free cyber security training for school staff released by the National Cyber Security Centre (NCSC) to boost resilience
  • New resource sets out four steps for staff to follow to help mitigate cyber incidents, including ransomware attacks
  • Case studies show impact of incidents, such as schools losing substantial sums of money and access to critical systems for weeks

SCHOOLS will be able to improve their defence against online attacks through new training created for teachers and staff by the UK’s leading cyber experts.

The National Cyber Security Centre (NCSC) – a part of GCHQ – has today (Wednesday) released free cyber security training for school staff, which sets out real-life incident case studies and four practical steps staff can take to protect themselves online.

The resource is the latest package of support the NCSC has offered the schools sector to improve cyber resilience, and follows an updated alert issued last month to help education establishments in the wake of a rise in ransomware attacks.

The training, available from the NCSC website, shines a light on the main threats schools face and outlines the severe impact cyber incidents can have, with one case study showing how a school lost a substantial sum in school fees after reception staff fell victim to a phishing scam.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said:

“It’s absolutely vital for schools and their staff to understand their cyber risks and how to better protect themselves online.

“That’s why we’ve created an accessible, free training package offering practical steps on cyber security to help busy professionals boost their defences.

“By familiarising themselves with this resource, staff can help reduce the chances of children’s vital education being disrupted by cyber criminals.”

Schools Minister Nick Gibb said:

“It is vital that schools have robust cyber security in place, and these new resources and training will help staff to increase protection from attacks.

“This training will boost support for schools, giving teachers the tools and skills they need to identify possible risks. I would strongly encourage all schools to adopt the resources and all staff to complete the training to make sure data is protected.”

The training package is designed to be accessible by any staff member, regardless of role or technical knowledge, and is available as a scripted presentation.

The four steps for school staff are being encouraged to follow are:

  1. Defend against phishing attempts: Reduce the information available about you, check for anything that looks suspicious, don’t be embarrassed to ask for help.
  2. Use strong passwords: Choose three random words for your passwords, have a separate password for your work account, switch on two-factor authentication where possible, keep passwords secure by saving them to your browser.
  3. Secure your devices: Don’t ignore updates, only download software and apps from official app stores, put a screen lock on devices (password, PIN, etc), if necessary only use school-issued USB sticks.
  4. If in doubt, call it out: Report anything suspicious as soon as possible and do not be afraid to flag up IT security policies that make your job difficult.

Once the training has been completed staff members can download a certificate which indicates they have taken part.

The case studies based on real cyber incidents include:

  • Administration staff at a school falling victim to a phishing email scam asking for contact details of pupils’ parents. Cyber criminals tricked parents into redirecting school fees, leading to a substantial sum being stolen and parents’ details being sold on the dark web.
  • An unencrypted school USB, which contained details about thousands of pupils, being taken outside of the school and subsequently lost. It was only returned when a member of the public found it by chance.
  • A teacher writing their password on a post-it note stuck to their laptop, which allowed a pupil to gain access to their computer. As the same password was used for multiple accounts, the pupil could access more than 20,000 records and change their grades. The school was disciplined by the Information Commissioner’s Office.

The launch of the training builds on a raft of support given to schools since research commissioned by the NCSC in 2019 found 92% of UK schools would welcome more cyber security awareness training for staff.

Additional tailored guidance and advice can be found in a dedicated area on the NCSC website. Resources include questions for schools’ governing bodies to ask school leaders to help improve understanding of cyber risks, as well as cyber security practical tip cards for schools.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/school-staff-offered-training-to-help-cyber-defences

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.