Cyber for School Leadership

Thank you for attending a cyber security session for school leadership with the SEROCU Cyber Protect team. If you have any feedback at all, we would love to hear it in order for us to develop and tailor our resources. Please email at:


Action List

Securing Accounts

  1. Review and implement a better password policy
  2. Teach staff how to use good passwords
  3. Implement Two-Factor Authentication on key systems (and everywhere else if possible)

Resources:


Securing Data

  1. Implement a process for user account review
  2. Implement periodic reviews of access permissions
  3. Ensure there is no use of shared accounts

Networks and Systems

  1. Ensure the network is mapped and assets identified
  2. Incorporate asset lifecycle into long-term budget planning
  3. Ensure robust update policy exists
  4. Ensure all assets have an owner and risks are understood

Resources:


Remote and Cloud Working

  1. Review Remote Working policy and controls
  2. Review cloud policy and controls for suitability

Resources:


Defending Systems

  1. Review antivirus deployment – needs and coverage
  2. Minimise phishing risks using technical methods
  3. Train staff about phishing risks and reporting

Resources:


Incident Response

  1. Develop incident response plans for likely threat types
  2. Review backup solutions for adequacy and testing

Resources:

Safeguarding Pupils

  1. Teach Pupils about using technology safely, lawfully and ethically

Resources:

Other Information

National Cyber Security Centre Resources:

Reporting Cybercrime:

Action Fraud – for reporting any Fraud or Cybercrime – includes 24/7/365 helpline for a live cybercrime

Other:

SEROCU Cyber Security Training for Staff and DSLs

Police CyberAlarm – coming May 2021 to the South-East; free to use threat monitoring and reporting service for organisations, with free external and website vulnerability scanning services as well

South-East Cyber Resilience Centre – joint Police and private-sector not for profit organisation, providing advisory services, low-cost cyber security services and referral to vetted and approved service providers.