Cyber Security – Quick & Cheap Wins!
With cyber security threats and ransomware on the rise and budgets as tight as ever, we are looking at a series of “quick wins” which can help your school harden its security without breaking the bank.
1 – Educate the Educators:
The number one starting point for ransomware attacks is staff unwittingly giving up their credentials or opening malicious attachments. There are a number of free training resources available as a starting point. Have a look at https://www.ncsc.gov.uk/information/cyber-security-training-schools where you can get a pre-built slide deck and training video.
2 – Protect Your Email:
Your email platform has in-built controls to protect against fraudulent emails. Make sure you’ve configured all of those controls effectively! Also have a look at the NCSC’s Mail Check service, which can help you set up your platform securely.
3 – Batten Down the Hatches:
If an attacker does manage to get access to your systems, don’t give them more access than necessary. Manage access on all your systems according to the principle of least privilege, and avoid giving staff local admin access on their school devices.
4 – Three Strikes and You’re Out:
Some attackers may rely on brute force to access your systems. Clamp down on this by ensuring that, where possible, brute force controls are enabled on your cloud systems, locking accounts after a number of failed login attempts.
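As an added illustration (not part of the original post, and not any vendor's implementation), this Python example shows how a "three strikes" lockout rule behaves when replayed over a constructed sign-in log. The threshold, time window, lock duration and account names are assumptions; in practice you would use the lockout settings your own cloud platform provides.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # assumed threshold ("three strikes")
WINDOW = timedelta(minutes=10)    # assumed: only failures this recent are counted
LOCKOUT = timedelta(minutes=15)   # assumed: how long the account stays locked

class LockoutPolicy:
    """Tracks failed logins per account and decides whether an attempt is allowed."""

    def __init__(self):
        self.failures = defaultdict(deque)   # account -> times of recent failures
        self.locked_until = {}               # account -> time the lock expires

    def attempt(self, account, when, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        until = self.locked_until.get(account)
        if until and when < until:
            return "locked"                  # refused even if the password is right
        self.locked_until.pop(account, None)
        if password_ok:
            self.failures[account].clear()   # a good login resets the count
            return "ok"
        recent = self.failures[account]
        recent.append(when)
        while recent and when - recent[0] > WINDOW:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = when + LOCKOUT
            recent.clear()
        return "failed"

def replay(events):
    """Run (account, 'HH:MM', password_ok) events through a fresh policy."""
    policy = LockoutPolicy()
    return [policy.attempt(a, datetime.strptime(t, "%H:%M"), ok)
            for a, t, ok in events]

# Constructed sample sign-in log, not real data.
SAMPLE = [
    ("teacher1", "09:00", False), ("teacher1", "09:01", False),
    ("teacher1", "09:02", False),    # third strike: account locks
    ("teacher1", "09:03", True),     # correct password, still refused
    ("teacher1", "09:20", True),     # lock has expired
    ("office2", "09:00", False), ("office2", "09:30", False),
    ("office2", "10:00", False),     # spread out: never three within 10 minutes
]
```

Calling replay(SAMPLE) returns one result per event, showing that a guessed password is refused while the lock is active and that occasional mistyped passwords do not lock out a genuine user.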
5 – You Shall Not Pass:
Many devices will have an auto-run feature which can automatically run executable files when they are downloaded onto the device. Disabling this function can avoid nasty files opening and running without the user’s knowledge.
6 – What’s the Magic Word?
Effective passwords are the first line of defence against cyber attacks. A good password policy should provide guidelines and advice around password complexity, changes and variation across different systems.
Hopefully you found this blog and series of posts useful and informative. In the next series we’ll be looking at some even more effective controls which can be implemented with a little more investment.