- Security TWENTY
- Women in Security Awards
The UK official National Cyber Security Centre (NCSC) – a part of GCHQ – has published its latest bespoke guidance for workplaces – Early Years education and childcare. It offers tips on how to protect devices and data from cyber incidents.
As the NCSC says, nurseries, pre-schools and child minders are relying on technology to operate and may be an appealing target for cyber criminals due to the sensitive data they hold and payments they handle. Hence the NCSC covers setting up strong passwords on devices and accounts, how to communicate with families safely and dealing with suspicious messages.
Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “We know that incidents affecting the education sector are increasingly common, so it’s vital that all providers know how to secure their devices and sensitive data.
“As many Early Years practitioners work on their own without dedicated IT support, this guidance sets out the practical first steps they can take to protect themselves from cyber incidents. By following our advice, they’ll not only be keeping their businesses safe, but will also be keeping those in their care and families safe too.”
Four things to follow are:
Backing up your important information – identifying what data you couldn’t operate without or are legally obliged to safeguard and creating a proper back-up;
Using passwords to control access to your computers and information – switching on password protection; using strong passwords and password managers; setting up two-factor authentication and communicating safely with families;
Protecting your devices from viruses and malware – turning on antivirus products and keeping IT devices up to date; and
Dealing with suspicious messages (phishing attacks) – tips for spotting suspect messages and unusual requests, reporting these messages and what to do if you have already responded.
Adam Palmer, Chief Cybersecurity Strategist at the cyber firm Tenable, said: “Necessitated by school closures due to COVID-19, technology has been adopted to continue to provide an education to students. That cyber-attacks against the education sector are increasing is concerning, but to be expected. The use of cloud-based tools, video conferencing, and e-learning, has allowed schools and universities to continue during the pandemic. These servers store a wealth of personal student data and sensitive research data that is being accessed by a large number of unsecured personal devices. This is an attractive target for attackers. For cloud computing in education to be safely realised, cybersecurity must be prioritized.
“Identifying and patching common vulnerabilities favoured by criminals and blocking known malicious sites and IP addresses from the network will help protect data and systems. Ensuring remote learning tools can only be accessed by the correct people can be achieved through adoption of multi-factor authentication solutions. Security awareness training, for students and staff, will help prevent mistakes that can cause serious harm.
“Implementing these first steps should be a top priority for any educational institution, particularly when schools need to confidently permit the use of technology. This ensures they keep the trust of students, parents and teachers, whilst providing a richer education to future generations.”