Whilst I am currently working on producing the Cyber Security Basics for Edu Staff, I thought I would put together a few quick top tips on how to ensure your school stays safe and secure when it comes to cyber security.
1. POWERFUL PASSWORDS
Something that I seem to be constantly saying to staff is to ensure that they have a secure password. Guidance and advice change slightly on a regular basis, but the core fundamentals remain the same. A strong and secure password should be one that doesn’t relate to you directly and that can’t be easily guessed. The core guidance out there states your password should be a minimum of 8 characters containing upper and lower case letters, at least one number and a special character. This is firm guidance which most companies will enforce; however, one way to keep your password even more secure is to use a set of three words or a small sentence. Now this may seem slightly silly, but there is method behind the madness. Using a sentence of around three words, for example TheGr33ntree!, hits all of the criteria above, and because it is a random sentence, it would take someone trying to access your account a larger amount of time to get in.
And remember if you need to write your password down, make sure that it is kept secure and that it isn’t located near any of your devices for further protection.
2. WATCH OUT FOR PHISHING ATTACKS
One of the biggest things that all school staff need to watch out for is phishing emails. These are emails that pose as one thing but in reality are something completely different. A typical phishing attack would be when a scammer sends fake emails to thousands of people asking them to enter/provide personal information, or to click links that redirect them towards websites asking them to download a file containing malware/viruses. Scammers aim to collect this information to steal your details to sell, or to gain access into your school/organisation.
Phishing emails are designed to look exactly like a regular email you would receive. Common ones now are based around Microsoft and Google file shares, along with fake company invoicing and payment requests.
The main bulk of these attack attempts will arrive in your office@ and admin@ email addresses, as these are the simplest to locate for a school. As the NCSC say, ‘If in doubt, call it out’. If you are unsure about any email that arrives, always reach out to your IT support providers to take a look at it for you. Never feel shy or silly about questioning something, even if it is legitimate. Always ask if you are unsure.
To learn more about phishing emails, view the NCSC website.
3. WORKING FROM HOME
At a time when everyone is now seeing the true possibility of the ‘work anywhere’ mentality and schools/businesses are able to operate from home, we need to be ever more vigilant. Working from home, even on a school device, can come with its own issues. Ensure that all of your laptop’s anti-virus and protection is up to date prior to heading home. Schools have amazing access to high-standard filtering and security features built into their broadband packages which aren’t available at home. Ensure that you have two-factor authentication turned on for your staff emails and sensitive system accounts. Requiring a confirmation text message or email to get into an account increases your protection against possible threats.
Where possible, I would always change the default password for your wireless and, if you know how to do so, increase the security settings on your broadband. Most providers have these instructions available on their support website or via their helplines. Keeping this information updated can make it that bit harder for someone to try and access it.
4. PUBLIC NETWORKS
Finally, never use your work devices on a public network. Heading down to Starbucks and doing some work with a coffee may sound like a nice idea, but being on a public open network is a pretty visible invitation for some trouble. Public networks do what they say on the tin: they are publicly accessible with very few security settings put in place, and are a hunting ground for scammers/hackers trying to gain quick access to information. My personal recommendation would be to stay as far away as possible.
If you have a question or require some further support, please reach out to me and let me know.
You can contact me via social media @MrJSmithson_Edu or by emailing firstname.lastname@example.org.