Protecting Your Data From Cyber Attacks - ICO Guidance
The ICO have published guidance specific to the education sector on how to prevent common personal data breaches. The advice covers a range of actions and information which all staff will benefit from, but particularly those who manage data on a regular basis. Handsam recommends that this guidance is circulated to all staff to remind them of the importance of data safety (alongside completing the NCSC Cyber Security e-training course as required by the RPA and the Handsam updated GDPR Data Protection training courses annually).
6. Keep data secure
In a busy learning environment, it can be easy to misplace files and leave devices accessible. To help ensure that all data is kept safe and secure, computers should be security protected and locked when away from desks. You should also take care when sharing screens and close down any documents containing student or employee data before sharing. Paper files should be locked away in secure cabinets and offices away from the classroom when not in use. Reminders should be issued to staff about the security measures to follow and to ensure devices and logins remain protected. Please read our guidance on records management and security for further information.
7. Treat data in confidence
All staff should be aware of their responsibility to keep information confidential, and this should be included in any contract of employment. Sometimes it might be necessary to discuss students or colleagues with others. However, you should make sure this happens in a private environment where you can’t be overheard. Staff should be professional at all times and consider the implications of disclosing information. This could include reasons for absence, which may involve special category data.
8. Keep your IT systems up to date
You can reduce your risk of cyber threats, such as attacks on computer systems, by making sure you regularly install security updates. The NCSC has produced practical resources on Cyber Security in Schools. We also have guidance on Ransomware and Data Protection Compliance you may find useful.
Phishing emails are often very convincing and are becoming more and more common. Making sure your staff are regularly trained and able to identify and report a suspicious email will significantly reduce the risk of their email account being accessed by a cyber-criminal. You can find detailed guidance on phishing on the NCSC’s website.
Additional Resources
To learn more about Data Protection, consult the Handsam Quick Guides by using the Topic Tag DATA PROTECTION. Handsam also offers a range of Data Protection policies, and you can reach out to us at 03332 07037 or email info@handsam.co.uk for further details or pricing.
The guidance has been uploaded into the Quick Guides Library as 'ICO Guidance on Data Safety in the Education Sector Nov 2024'. For quick reference, the ICO recommends that schools/academies and staff:
1. Ensure information is shared with the correct party
Documents handed to students or sent home in book bags can often go missing or risk being viewed by an unauthorised party. Using electronic methods allows sensitive information to be password protected, encrypted and backed up, which helps to prevent unauthorised access and loss of personal data.
2. Disable autofill
If email addresses come up automatically when starting a new email message, then you have autofill enabled in your settings. While this tool might save time, you could be more at risk of sending an email to the wrong person.
3. Take care when sending mass emails
Disclosing email addresses can reveal people’s information and potentially cause significant harm. To protect the personal information you hold, you should review your methods for sending bulk mailing. For more information, please see our guidance on sending bulk communications.
4. Implement a clear file naming system
Having consistent document naming conventions across the organisation can help to prevent forms becoming mixed up. In addition, blank forms should be clearly labelled and stored separately to completed ones.
5. Consider what information you need to redact
Make sure that the documents you send and receive are appropriately redacted so they only include necessary information, and ensure that thorough checks are made. You should also ensure that appropriate redaction software is used.

