Training to help shore up cyber defences in schools

Schools will be able to improve their defence against online attacks through new training created for teachers and staff by the National Cyber Security Centre.

NCSC, a part of GCHQ, has released free cyber security training for school staff, which sets out real-life incident case studies and four practical steps staff can take to protect themselves online. The resource is the latest package of support the NCSC has offered the schools sector to improve cyber resilience, and follows an updated alert issued last month to help education establishments in the wake of a rise in ransomware attacks.

The training shines a light on the main threats schools face and outlines the severe impact cyber incidents can have, with one case study showing how a school lost a substantial sum in school fees after reception staff fell victim to a phishing scam.

The four steps for school staff are being encouraged to follow are:

•     Defend against phishing attempts: Reduce the information available about you, check for anything that looks suspicious, don’t be embarrassed to ask for help.
•     Use strong passwords: Choose three random words for your passwords, have a separate password for your work account, switch on two-factor authentication where possible, keep passwords secure by saving them to your browser.
•     Secure your devices: Don’t ignore updates, only download software and apps from official app stores, put a screen lock on devices (password, PIN, etc), if necessary only use school-issued USB sticks.
•     If in doubt, call it out: Report anything suspicious as soon as possible and do not be afraid to flag up IT security policies that make your job difficult.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “It’s absolutely vital for schools and their staff to understand their cyber risks and how to better protect themselves online. That’s why we’ve created an accessible, free training package offering practical steps on cyber security to help busy professionals boost their defences. By familiarising themselves with this resource, staff can help reduce the chances of children’s vital education being disrupted by cyber criminals.”