Last month, Microsoft found that the greatest number (62%) of malware attacks in the UK were within the education sector, as cyber criminals take advantage of remote learning and weaknesses within school systems.
These weaknesses have been found in authentication, misconfiguration of systems and a lack of robust patch management. They are key factors in enabling hackers to gain access to school systems.
During these continued times of home learning, schools need to be particularly aware of the need for robust data protection and as a minimum should have the following in place:
Determine and document your risk profile and have technical and organisational measures in place, in order to mitigate risk and generate an action plan on the next steps. Guidance on how to protect your organisation can be found in the attached links: National Cyber Security Centre’s 10 Steps to Cyber Security and Board Toolkit for Cyber Security.
Ensure remote devices and services are secure. This may include providing advice to parents on working safely online.
Have a programme of training in place for staff, to ensure that they understand data protection.
Organisations must take steps to ensure data protection principles are followed during remote learning and working. A shortage of resources or lack of knowledge will not legitimise a breach. As a minimum, organisations must have fully assessed their risk, implemented mitigation measures and have an action plan for how the remaining risks will be addressed.
We are running workshops for Data Protection Internal Compliance and DPO Training, which you can register for now. You will find a link to each of the training courses below:
Organisations have to demonstrate accountability for data protection, and monitoring your own compliance and testing the effectiveness of the measures in place are key to that. PHRP has developed this bespoke training to support DPOs and Data Controllers in implementing an internal compliance system.
We are delivering 5 online workshops covering essential aspects of data protection law, the role of the DPO, risk assessment, data breaches, data security and more. This training will enable any DPO to carry out their role more effectively and confidently.