Data Protection and the Importance of Cyber Security

You may be aware of Stoptober. But did you know that October is also National Cyber Security Awareness Month?

This is an EU awareness campaign promoting cyber security. It aims to help us understand the threat of cyber crime and how our actions help or hinder attacks.  
The theme of this year’s campaign is “cyber security is a shared responsibility.”

With an estimated 2 million cyber attacks last year costing victims £36 billion, it is easy to see why.

Cyber security experts tell us that there are three aspects of cyber security (people, processes and technology):

  • IT departments must implement software and other security controls to remove vulnerabilities 
  • organisations must create processes that explain to employees how to keep information secure
  • and people must follow those instructions.

If anyone fails to perform their role, the chance of a data breach increases dramatically.

Reporting Cyber Crime 

UK Police are encouraging us all to report cyber crime to ensure they have as much data as possible. Apparently, it is a much under-reported crime.

Rob Jones, Director of Threat Leadership at the National Crime Agency, recently said, “it is crucial that businesses report cyber crime to us because every incident is an investigative opportunity.”

Rob recommends following best practice on cyber security basics to ensure good cyber hygiene:

  • Having good functional back-ups
  • Treating data as an asset
  • Having appropriate policies around data
  • Having incident response available.

“All simple ways of mitigating the harm from ransomware, which is the most prevalent form of attack we see.”  

Phishing Emails

It is estimated that 91% of cyber attacks start with a phishing email, so staff awareness and vigilance are really important. Globally, 3.4 billion malicious emails are sent every day!

Phishing emails are commonly used by cyber criminals to pose as genuine organisations or individuals (often someone we have been in contact with before). The aim is to trick us into giving away information, such as passwords. They often ask us to click on a link and sign into a fake system, thus giving the criminals access to our information.

Fear is often used to manipulate us.  In 2017 a PhishMe survey sent out benign phishing emails. 44% of recipients were tricked by a report that a grievance had been filed against them.  

Staff Awareness is Vitally Important

As one IT Manager advised the schools in his multi-academy trust:

“You are our eyes and ears. ‘User Awareness’ is our very best protection against this form of attack.”

One of the recommended tasks in my GDPR compliance action plan is completion of the National Cyber Security Centre’s 10 steps to cyber security, which encompass these three aspects: people, processes and technology.

If you would like to know more about how I can support your school as its DPO, or about the training I can provide for staff and governors, please get in contact via my contact form, or by email or phone (details at the bottom of my Home page).