InfoSec / Cyber

    You are here:  
  1. Home
  2. InfoSec / Cyber
  3. October is Cyber Security Awareness Month: 28. Phishing
Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware
Information/Cyber Security

October is Cyber Security Awareness Month: 28. Phishing

October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day  Twenty Eight: Phishing
Awareness Day Twenty Eight Phishing

91% of all cyber attacks begin with a phishing email to an unexpected victim :Deloitte News Article.

General guidance for preventing a phishing attack:
Install security software on mobile devices.
Avoid browsing certain websites, block if necessary.
Only download reputable mobile applications from legitimate sources and restrict within an organisation.  Consider having an 'approved' software list for the organisation.
Exercise caution on social media.
Use different passwords - see previous article on Passwords: 

.
Beware of phishing emails - Article: .
Be careful when using public wireless networks.
Consciously keep up with current security trends and threats. Ensure staff are trained on how to recognise a phishing email and what to do when they receive one.  Consider running a phishing campaign as a training exercise: DPE Phishing Campaign.

Review: DfE Cyber Security Standards for Schools and Colleges.

Review NCSC Phishing Guidance:
Phishing: Spot and report scam emails, texts, websites and calls
Phishing attacks: defending your organisation

Review DPE's previous articles about phishing:













More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):

What to do in the event of a Cyber Attack 

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack we would recommend reporting this to:
Your local police and ask for the cyber crime team.
Phone 101 and ask for the cyber crime team.
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss.  Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email This email address is being protected from spambots. You need JavaScript enabled to view it..

They should put you in contact with your local ROCU (Regional Organised Crime Unit), find yours here:
https://www.ncsc.gov.uk/information/regional-organised-crime-units-rocus

Isolate the infected device and pass to IT 

Always ensure there are backups you can restore from.
Preserving evidence is as important as recovering from the crime.

Little Guide to ACTION FRAUD

©2023 Data Protection Education Ltd.

Search

  • News
  • Keep in the know