Security guidance and LGfL's 12 layers of protection
When it comes to school security, LGfL has a world-beating 12 layers of protection which you won't find together anywhere else (all part of the service, of course).
There are many state-of-the art products we provide to use in school, but our protection begins before the internet reaches you. Janet scrutinises and scrubs our internet to identify suspicious activity and stop DDoS attacks before it even reaches our state-of-the-art data centres. Combined with the next-generation firewalls in our data centres and your school, plus all the security tools we provide for your devices and servers (make sure you are using them all), and you end up with one of the most secure school networks in the world.
Nonetheless, the greatest risks to a network are likely to come from a member of staff clicking something they shouldn't (find out more how phishing remains the greatest threat to schools and businesses in our school security report with NCSC). Cybercriminals particularly targeted worries about covid at the start of the pandemic. Make sure to use Sophos Phish for staff, and make parents aware of the risks, and that they can contact ActionFraud if they have been a victim. Why not follow @LGfLCyberCloud on Twitter to find out the latest updates.
General Principles - CyberAware from NCSC
NCSC has boiled down cybersecurity awareness messages into the following 6 top tips for the general public. They are great to share with staff but especially parents and pupils (read here what they mean and why):
Create a separate password for your email
Create a strong password using three random words
Save your passwords in your browser
Turn on two-factor authentication
Update your devices
Turn on backup
National Cyber Security support for schools
The National Cyber Security Centre (NCSC, part of GCHQ) has recently issued alerts to educational establishments about attacks against education establishments. NCSC outlines a number of steps you cantake to keep cyber criminals out of your networks here. The organisation has also created a dedicated page for schools which you may wish to read. We recommend you make sure you use our security products and that they are up to date and on all your devices.
You may also wish to scroll through the screenshots of mail and SMS scams that NCSC and the US Dept of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) have warned about in this joint advisory document - useful to make colleagues aware of.
NEW: strategic cybersecurity training for senior leaders from NCSC
The National Cybersecurity Centre (NCSC, part of GCHQ) has produced free cyber security training to raise awareness and help school staff manage some of the key cyber threats facing schools.
This training is non-technical and appropriate for all staff to attend, but may be particularly helpful for senior leaders and governors to attend in order to understand high-level issues and why you need to be aware (and what you need to do about it). Sign up here.
Parents and Pupils
Remember there are new scams every day, so it isn't a question of memorising a list of Top 10 Scams. Instead, remind parents and pupils to check every link and not believe or click things that are too good to be true (or secret new information, cures or payouts!). Maybe share the poster above, too. As an example, the government launched a WhatsApp Coronavirus 'bot' last year, which sounded like it could be a scam, but you could find it on official gov.uk pages as a useful new service.
Education is key for staff, as well as for pupils. One great way to begin this process is to roll out Sophos Phish Threat - phishing simulation and training for staff. It isn't a question of catching them out, but helping them to spot the signs so the fraudsters do NOT catch them out. Find out more and claim your licences at phish.lgfl.net.