As recommended in the DfE’s Cyber Security Standards, staff who access your IT network must take basic cyber security training every year. While there are a variety of external training platforms and phishing simulation providers, the minimum the DfE recommend is for all staff to complete the NCSC’s video training.
Where is the NCSC’s training video
The training video provided by the NCSC is hosted on YouTube and can be found on the NCSC’s Cyber security training for school staff page.
Topics covered in the NCSC training video
The training video covers a variety of cyber security topics and is designed to help school staff understand the risks involved with using IT systems, how to defend against risks and generally how to improve their personal cyber health.
The first section of the video highlights that you should promote a culture where everyone feels comfortable speaking out if they feel that something isn’t right. This is followed by examples of potential cyber security risks in day-to-day life for school staff:
- Accidentally emailing data to the wrong person
- Losing IT equipment that contains school data
- Receiving suspicious emails from internal or external senders
- Receiving emails that ask you to act with urgency or to click a link and login to an account
- Suspicious activity on an IT device
Case studies discussed on the video
A number of real-world case studies are provided to give context around the topics being discussed:
- Targeted attacks from someone pretending to the DfE, aiming to take down the school network with ransomware
- Phishing attack leading to the compromise of parent contact information
- Student noticed a teacher’s password on a post-it note stuck to their monitor, accessed school systems using the account
Key ways to defend against phishing attempts
The video provides extensive detail of how to protect against one of the largest attack vectors used by cyber criminals – phishing emails. The advice includes:
- Be cautious with emails that ask you to click a link and login
- Review the privacy settings on your accounts and think about what you post online
- Be aware of the hallmarks of a phishing attempt, such as emails that require urgency and authority or that pressure you to act
- Be aware of emails that claim they have personal compromising information about you
The video spends some time discussing password health and the importance of using unique passwords, this includes:
- Don’t use the same password across multiple accounts
- Use a strong password for important accounts such as work, banking and online shopping
- Save passwords using a Password Managers or your browser
- Switch on Multi-Factor Authentication where possible, for all your online accounts
General recommendations for technology devices
The video also provides general advice for reducing the risk when using personal devices, such as laptops, PCs and mobile phones. This includes:
- Don’t ignore software updates on your personal devices, such as your phone, tablet and personal laptop or PC
- Enable automatic updates on your personal devices
- Only download software and apps from official app stores
- If you access work accounts on your personal devices, make sure other apps are not accessing your work data
- Always secure your devices with a screen lock such as a PIN, password, fingerprint or facial recognition
- Keep backups of your personal information, in the cloud or off-line
- Only use encrypted USB sticks
Who are the NCSC
The National Cyber Security Centre (NCSC) is a part GCHQ, the UK’s intelligence, security and cyber agency. The NCSC provide a variety of materials for the country, from individuals and families to large organisations and the public sector.
How we can help
We are partners with leading Cyber Security training providers allowing us to provide a tailored training solution for your organisation. As a provider of Managed IT Support, working with Schools and MATs across the UK, we can help you work towards the DfE’s recommendations. Please get in touch if you would like advice on the best way to meet the standards.