Cybersecurity

during Covid-19

When it comes to school security, LGfL has a world-beating 12 layers of protection which you won't find together anywhere else (all included, of course, as part of the service).

To help during school closures, we have tweaked firewall rules to make sure all remote learning tools work, but there's no need to worry about security loopholes - Janet scrutinises and scrubs our internet to identify suspicious activity and stop DDoS attacks before it even reaches our state-of-the-art data centres.

Combine this with our next-generation firewalls and all the security tools we provide for your devices and servers (make sure you are using everything at services.lgfl.net), and you end up with one of the most secure school networks in the world.

Something Phishy?

However, the greatest risk to your network is most likely to come from a member of staff clicking on something they shouldn't (find out more how phishing remains the greatest threat to schools and businesses in our school security report with NCSC). We have featured a few of the latest scams below (some target school staff; some target parents; all exploit natural fears surrounding Coronavirus). To see more as they arise, follow @LGfLCyberCloud.

NCSC warning about attacks on UK educational establishments

The National Cyber Security Centre issued an alert to educational establishments after dealing with several ransomware attacks against education establishments in August, which caused varying levels of disruption. NCSC outlines a number of steps you cantake to keep cyber criminals out of your networks. Read it here.

Please also see this new joint advisory document from the NCSC (GCHQ) and the US Dept of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) on the latest techniques being used - all are useful to be aware of and make colleagues aware of (scroll through also for screenshots of new mail and SMS scams).

Poster on the 6 tips for staff & students

General Principles - CyberAware from NCSC

NCSC has boiled down cybersecurity awareness messages into the following 6 top tips for the general public. They are great to share with staff and parents and pupils (read here what they mean and why):

  1. Create a separate password for your email

  2. Create a strong password using three random words

  3. Save your passwords in your browser

  4. Turn on two-factor authentication

  5. Update your devices

  6. Turn on backup

Parents and Pupils

Whilst they are worth sharing, remember there are new ones every day, so it isn't a question of memorising a list of Top 10 Scams (that said, here are exactly ten that banks have warned about in August 2020). Instead, remind parents and pupils about checking every link and not believing or clicking things that are too good to be true (or secret new information, cures or payouts!). As an example, the new WhatsApp Coronavirus 'bot' from the government sounds like it could be a scam, but you can search for it on gov.uk and find it on an official government page.

Staff Protection

As for staff, NCSC (part of GCHQ) has issued new guidance in the light of Covid-19: Home working: preparing your organisation and staff, which we strongly recommend you read. It includes guidance for school leaders, advice to pass onto staff, and guidance for how to manage and secure your devices (remember we offer Meraki MDM for your school devices), so please read and circulate the NCSC guidance in your school.

Also, while we know they are tired, busy and stressed coping with the new demands of in-school and remote teaching, it really would be a good time to roll out Sophos Phish Threat - phishing simulation and training for your staff (again, no extra cost). It isn't a question of catching them out, but helping them to spot the signs so the fraudsters do NOT catch them out. Find out more and claim your licences at phish.lgfl.net.

Data Protection

It is important you remain particularly vigilant regarding data protection during school closures and alternative arrangements, especially where unusual arrangements are made regarding personal information, such as contact details for pupils/students and staff being shared with staff who would not normally be party to this information.

Both for this and other school data, there will be more stored at staff home addresses, so it is important that all staff be reminded of your data protection policy and procedures by the school data protection officer.