News

The ICO has recently published new guidance about bulk email communications following a number of data breaches caused by the incorrect usage of CC and BCC (carbon copy and blind carbon copy). 

Emails sent to the wrong person or emails copied rather than blind copied to customers/parents are the most common data breaches seen and are often because someone is rushing or under pressure.

The time following a cyber attack can be very stressful, and in the heat of the moment it can be difficult to know what the best thing to do between working out what went wrong, how to recover and what went missing, it can be hard to know where to start first.

We provide some help and guidance in our Information and Cyber Security Best Practice Area, which also includes the checklist:  document What to do immediately after a Cyber Attack (58 KB) .

We've created a model Social Media Policy.  The policy outlines guidelines and expectations for the use of social media platforms by individuals and employees associated with an organisation. 

The primary aim of the policy is to ensure responsible, respectful and effective use of social media while protecting the organisation's reputation and interests.

Are you looking for some data protection training for your inset day(s) at the start of term?  Here are some ideas about how to raise awareness around data protection and cyber security for your staff. 

The training should be relevant, accurate and up to date. 

Microsoft has recently announced the planned retirement of the Microsoft A1 Licenses for Education.  According to Program Updates in Microsoft 365 for Education page the main reason is to limit storage.  Free, unlimited storage plans have become prohibitive and have become a large vector for security risks and fraud. 

We've produced a document to provide help and guidance in the event of a cyber attack.  The document is part of our Information and Cyber Security Best Practice Area and covers:

This document gives a list of who to contact and what to do just after a cyber attack.  It covers:

For those outside the computing world, it feels as though AI (Artificial Intelligence) has suddenly appeared and having a huge impact on the rest of the world.  Artificial intelligence is intelligence demonstrated by computers, as opposed to human or animal intelligence.  'Intelligence' encompasses the ability to learn to reason, to generalise and to infer meaning. 

The Information Commissioner's Office have recently put Leicester City Council forward as an FOI (Freedom of Information) best practice example. An FOI refers to a request under the Freedom of Information Act. The Act allows any individual or organisation to make a request to a public authority for information they have recorded. 

Surrey Police are investigating a fraud and computer misuse allegation at AQA, England's largest exam board which follows the recent data breach reported by Cambridgeshire Policy into a data breach with the exam boards at OCR and Pearson. Full article: AQA also hit by exam paper cyber attack.

This article was originally published in January 2023, but has been updated with some additional information, following further ransomware attacks on schools in the UK. Highly confidential documents from 14 schools in the UK have been leaked online by hackers.  The Vice Society has been behind a high-profile string of attacks on schools across the UK and the USA in recent months.

If you are a group of organisations such as a multi academy trust and a member of the central team,  it can be useful to view all of the organisations/schools and the main organisation/trust details all at once in several of the Knowledge Bank pages to give an overview.  When your organisation are added into the Knowledge Bank, we will have tagged them all appropriately.

Here's a little fun. It's our not-so-good friend Harry the Hacker. He's all over the place...can you find him?

This article is one in a series of articles about raising cyber awareness in an organisation.  We visit a number of organisations through our data walks and often discuss the use of USB sticks with staff and are told that they are not allowed.  Yet we will see them in use during the walk.  A verbal/written policy is not the same as prevention and detection.  This article will discuss methods for detection and why.

This article is about cyber insurance in the public sector, particularly in relation to schools.  Cyber insurance is a special type of insurance intended to protect businesses from internet-based risks, and more generally risks relating to information technology infrastructure and activities.  It is also known as cyber liability insurance or cyber risk insurance. 

This article is an article about DDos attacks and is part of a series of articles about different types of cyber attacks. Denial-of-service (DoS) attacks are a type of cyber attack targeting a specific application or website with the goal of exhausting the target system’s resources, which, in turn, renders the target unreachable or inaccessible, denying legitimate users access to the service.

Manchester University was hit by a cyber attack last week, with the possibility that personal data was stolen by the attacker.  A statement was made on their website by Patrick Hackett, Registrar, Secretary and Chief Operating Officer:

"Regrettably, I have to share with you the news that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house ex

This article is about a recent cyber attack on Leytonstone School.  The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data was accessed.

The school is still closed to all pupils other than those taking their GCSEs because the school currently does not have a single central record (SCR), sometimes referred to as a single central register.  An SCR is a statutory requirement for all schools and academies in E

A reprimand has been issued by the ICO to Parkside Community Primary School in relation to the infringements of Article 5 (1)(f), Article 24 (1) and Article 32 of the UK GDPR. This article discusses the reprimand and looks and what schools can do to avoid this type of breach.

Some of the information in the reprimand document is redacted, but the main details are:
A safeguarding email was shared in the classroom via the electronic whiteboard. The ICO has found that the school

This article is about firewalls and how they can help in your plan towards being cyber resilient.

What is a firewall?  Think of a firewall as an intruder detection system for your organisation's network.   It is a virtual barrier between your computer or network and the internet. Its role is to keep an eye on all the incoming and outgoing data, like a security guard watching the entrance to your house or office.  The main purpose of a firewall is to protect your co

As we are in the last part of the school year, this is often the time that we see a rise in the number of Subject Access Requests received by schools.  This article, therefore, covers guidance and support around subject access requests, how to recognise them and how to respond.

What is the right of access? Commonly referred to as a subject access request (SAR), gives someone the right to obtain a copy of their personal information from your organisation.
Do people have to submit a

This article is about cyber attacks and data breaches that may go unreported due to the misconceptions about how organisations might respond to them.  The NCSC recently published an article about why transparency around cyber attacks is a good thing for everyone.
The NCSC and the ICO may work on a cyber attack together if an incident brings down a business, severely impacts national services and infrastructure or massively disrupts people's data-to-day lives, however they consider that