School Staff – Cyber Session

Thank you for attending a cyber security session for school staff with the SEROCU Cyber Protect team. If you have any feedback at all, we would love to hear it in order for us to develop and tailor our resources. We can only make this free service better if you let us know what works, and what doesn’t.

If you took part on MS Teams, we would love for you to take just a couple of minutes to complete a survey about the presentation. There are only nine short, mostly multiple-choice questions. This opens in a new window – close it once complete.

SURVEY

If you have any other comments, positive or constructive, please email us at:

CyberProtect@serocu.pnn.police.uk

For details of our other Inset Day training programmes for Leadership and those with a Safeguarding or Pastoral role, please visit our Cyber for Schools page.

Action List

Phishing

1. Review the clues for spotting phishing
2. Take Five to Stop Fraud – do the quiz!
3. Understand how to report phishing to protect others – by email or text
4. Find out how to deal with phishing at school

Resources:

• SEROCU Phishing Guidance – includes examples and Quiz!
• Take Five to Stop Fraud – includes Quiz!
• Reporting Email and Text Phishing, with clues for spotting phishing

Securing Accounts & Devices

Passwords, 2FA & Privacy

1. Review your 2FA options
2. Secure everything you can with 2FA
   • Mail email account
   • Social media
   • Any other online account (including banking, but most banks insist on this now anyway)
3. Review data breaches you’ve been involved in (Have I Been Pwned)
4. Choose a Password Manager or use the Password Manager built into your device / web browser – then change all of your passwords on online accounts to long, random and unique passwords which the Password Manager will remember for you. Do this for important accounts proactively, but for low risk accounts you can do this as and when you next access them
5. Identify key Passwords you will actually remember – based on the risk – and implement a long, strong ‘Three Random Word’ passphrase. This will probably be:
   1. Main email account – this is critical to protecting all of your other online accounts
   2. Password Manager – unlock password (use biometrics as well, but the password still needs to be good)
   3. Main bank account
6. Change default passwords on any device which has one – home broadband router is particularly important (use a search engine to find a simple video guide). Any new ‘Internet of Things’ (IoT) devices – e.g. smart speakers, wireless smart CCTV, etc… review the password provision. Some are protected by an account password (e.g. Amazon Alexa), others have a built-in password.
7. Review your Privacy online – use Internet Matters for guides

Resources:

• SEROCU 2FA Guidance
• NCSC 2FA Guidance
• SEROCU Password & Password Manager Guidance
• NCSC Password Manager Guidance
• NCSC Three Random Word Guidance
• SEROCU Privacy Guidance
• Internet Matters – guides for improving privacy online

Device Security

1. Review device security – in particular:
   1. Use Antivirus / Antimalware software on every device that can have it – think desktops, laptops, tablets, smartphones. Choose based on reviews from trustworthy sources and based on your needs. NB: Apple devices – Apple restrict the type of software which can be installed and strictly the products on offer are not antivirus software. The security software available may still prevent you falling for phishing and bring other benefits
   2. Check that you have not inadvertently disabled the ‘firewall’ on your computers and router – use a search engine to find guidance for your particular device
   3. Use a Virtual Private Network (VPN) to protect your browsing if you use public WiFi hotspots (e.g. in a coffee shop). Use your 4G data plan as an alternative (encrypted by default to the mast).
2. Install updates to your devices as soon as possible. Find out how to update more obsecure devices like smart TVs and home broadband routers – use a search engine to find a guide. Compromised, out of date devices (like broadband routers) are unwittingly used by cyber criminals with alarming frequency to attack others.

Resources:

• SEROCU Guidance on securing devices
• SEROCU Guidance on Public WiFi and VPNs
• SEROCU Guidance on Updating Devices

Backups

1. Backup your personal data on a regular basis to an ‘air-gapped’ solution (i.e. disconnected on completion). Consider automated backups to the ‘cloud’ – e.g. Apple iCloud, Google Drive… If using the cloud, check it is working as intended on a regular basis and double-check as a minimum:
   1. The account has a strong password (stored in a Password Manager or use three random words)
   2. 2FA is enabled

Resources:

• SEROCU Guidance on backups

Your Role at School

1. Understand your role in a cyber incident at school, in particular:
   • How do you report phishing?
   • How do you escalate other types of incident?
   • What actions does your school expect you to take in the event you click the wrong link, or something is going wrong on your machine?

Cyber Safeguarding

1. Teach Pupils about using technology safely, lawfully and ethically

Resources:

• SEROCU Cyber Choices pages
• SEROCU Cyber training for DSLs and Pastoral leads
• SEROCU Cyber Choices Lesson Plans
• Project Evolve – Education for a Connected World lesson plans – teaching young people how to stay safe online

Other Information

Other Resources:

• SEROCU Guidance for Individuals
• NCSC Cyber Aware
• Take Five to Stop Fraud
• Net Aware – NSPCC led guidance on social media, apps and online games
• Internet Matters – online safety guidance
• UK Safer Internet Centre – online safety tips and guidance
• Professionals Online Safety Helpline – to support anyone working with young people
• Project Evolve – Education for a Connected World lesson plans form the UK Safer Internet Centre

Reporting Cybercrime:

Action Fraud – for reporting any Fraud or Cybercrime