When it comes to cyber security, there are many rules to keep in mind and be aware of. The topic can seem complex, which may be why there are so many misconceptions about it. It is easy to step away from the problem because it is not currently affecting you personally, but it is important to protect yourself from the risks you may face. A recent study carried out by London Grid for Learning (LGfL) and the National Cyber Security Centre (NCSC) showed that 83% of schools had encountered a cyber security incident. Children’s data is considered to be high-risk; because of this, it is essential that schools are proactive about maintaining their GDPR compliance.
A good way to start the process to achieve full GDPR compliance is to identify myths and realities involving cyber security.
No matter what kind of data you hold, any of it can be considered useful by a hacker. Schools usually hold plenty of sensitive data about staff, children and their families, including personal information and payment details. Schools can be considered a target by hackers, so it is essential to keep the data as secure as possible. Any organisation is a target.
Many schools would argue that adopting a security measure would take up too much of their budget. However, if your school is not cyber secure, you are risking GDPR fines that can be as high as £17.5 million. Taking a strategic, risk-based approach can make security significantly more affordable. Investing in a security measure wouldn’t only reduce the risk of a data breach, it would also reassure your school community.
Cyber security is essential because of the many requirements that come with technology. However, it is just as essential that people are trained to be safe online. Humans make mistakes: accidentally clicking on a malicious link can lead to a data breach. Other common instances include clicking on phishing emails and ads.
IT certainly has a lot to learn and be cautious of when it comes to cyber security. However, every employee in an organisation should do the same, for the same reason mentioned above. Security is everyone’s responsibility. If more and more people get involved, others will be motivated to be educated and learn more about online safety.
Another misconception about cyber security is that threats can only be external. External threats are real – but so is the internal threat. The most common sources of internal threats are not intentional, and they include weak passwords, unlocked devices and unsecured Wi-Fi networks. It is important to avoid these to be secure.
Any device can be affected by viruses and malware. Phones can easily be hacked into because they are still connected to the Internet. Threats can often come from legitimate websites and even social media. Mobile devices are significant vulnerabilities too – not just your computers.
Acknowledging that these myths are only myths is already a great start to your cyber security strategy. These issues can be tackled easily and affordably. Once you are more comfortable with your approach to these risks, you can develop a more complex strategy to mature cyber defences.
Other important things to keep in mind to be secure are:
Learn more about data protection on our GDPR for Schools page, where you will find downloadable and printable guides, posters and checklists for your school community.