Cyb Cyber security er security fo for all: r all: Wh Why kee y keepin ping g co colle llege ges s on onlin line is is a a co colle llect ctive ive re respo sponsibilit nsibility Hannah H Hannah.h@ncsc.gov.uk Education & Academia Engagement
Structure • Background: to cyber security and to NCSC • What we can all do as users of tech • Cyber security conversation starters • Resources • How you can help me to help you
Introductions “ Helping to make the UK the safest place to live and work online” www.ncsc.gov.uk
Cyber security is not the same as online safety.
Cyber security is how individuals and organisations reduce the risk of cyber attack. More specifically: • About protecting the devices we use and the services we access from electronic theft or damage. • Preventing unauthorised access to the personal information we store on devices and online.
Why is it my problem, and why now? Because colleges – like practically every organisation – depend on technology and connectivity to function Because all users of this technology can affect how well it works – or doesn’t work– for everyone The move to online learning has brought this home to us more than ever There are additional risks in having so many people accessing systems remotely and/or using their own devices to do so Because IT staff really need a break!
How to become more cyber aware at work, at home and at play
Six starter tips for home and/or work 1. Use a separate password for your email account Use ‘three random words’ to create a password 2. 3. Turn on two-factor authentication on your most sensitive accounts 4. Update your devices when prompted 5. Back up your data 6. Think before you click on attachments or links in emails
Seven tips for working from home Read your IT department’s advice, e.g. BYOD policies 1. 2. Enable passwords on your home WiFi 3. Switch on firewalls, use anti-virus software 4. Set up a separate account for work (if using your own device) Lock your screen and don’t share passwords with family members – to lessen the 5. chance of accidents 6. Think about any synched devices 7. If in doubt, call it out! (or at least ask).
Why we need to talk about cyber security and yes, that means you.
As a staff member, have I had cyber security training? How long ago? Was it any good? Do I remember it? And what about students?
Does your college have a positive security culture? e.g. do the policies you have work for users? Are ‘work arounds’ commonplace? Do users feel confident reporting concerns or mistakes?
How much do decision makers and technical experts communicate about cyber security ? e.g. on the threat, mitigations, risk appetite, incidents & near misses, training needs, funding, baseline standards
Do senior leaders and governors see cyber security as a strategic responsibility? Is it recognised as a corporate risk?
Is the IT security team enabled to fulfil their role? e.g. funding, training, staffing levels, organisational structure, influence…
Resources All available from www.ncsc.gov.uk
For everyone Top Tips for Staff 30 minute online training (free) https://www.ncsc.gov.uk/training/top-tips-for-staff-web/story_html5.html Cyber Aware Practical, actionable tips https://www.ncsc.gov.uk/cyberaware/home Our blogs on homeworking NB Links in the notes section
For leadership teams Cyber security toolkit for boards – https://www.ncsc.gov.uk/collection/board-toolkit Exercise in a Box – https://www.ncsc.gov.uk/information/exercise-in-a-box Small Business Guide - even if you’re not small! https://www.ncsc.gov.uk/collection/small-business-guide
For IT managers Specific guidance on our website on topics such as phishing , the cloud, video conferencing, password managers etc. Homeworking guidance - https://www.ncsc.gov.uk/guidance/home-working Guidance on moving business online - https://www.ncsc.gov.uk/guidance/moving-business-from-physical-to-digital Cyber Essentials – baseline against common cyber attacks https://www.ncsc.gov.uk/cyberessentials/overview
Mailcheck Our free tool to assist you with email security configuration and reporting (DMARC) Previously used across public sector - recently extended to FE and HE Helps prevent spoof emails being sent from your domain Only 17 colleges signed up so far See https://www.mailcheck.service.ncsc.gov.uk/ https://www.ncsc.gov.uk/information/mailcheck
What next? • How can we help you improve colleges’ cyber security? • How can we do this at scale? • How can we keep talking to each other? and don’t forget about mailcheck! https://www.mailcheck.service.ncsc.gov.uk/ Hannah.h@ncsc.gov.uk
Recommend
More recommend