Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools

Page created by Brad Willis
 
CONTINUE READING
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Cyber Security and E-Safety Event
                         23 January 2019

                            Presented in Partnership with

                East Riding of Yorkshire Council & KCOM

East Riding                                    KCOM
Paul Johnston, ICT Manager                    Terry Kent, Product Manager
David Cox, Security Manager                   Leanne Gill, Account Manager
Sue Bottomley, School ICT Support Team Leader
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Internet Safety
      Guidance
           Presented by:

           Terry Kent
Product Manager (Internet Security)
             KCOM
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Agenda
• Introduction
• Official Facts & Stats
• Internet Safety Checklist For Young Children
• Social Media – Know The Rules!
• The Power Of Image
• Sexting
• Who to contact if you are concerned about your
  child’s online activity
• Useful and important links
         Information provided in this document is provided by the NSPCC & internetmatters.org
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Official Facts & Stats
    31% of 7-11’s said
    mean comments stop
     them enjoying time
           online
         (internetmatters)
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Internet Safety Checklist for young children
Agree Boundaries
•Be clear what your child can and can’t do online – where they can use the internet, how much time they can spend online, the sites they can
 visit and the type of information they can share. Agree with your child when they can have a mobile phone or tablet

Explore Together
•The best way to find out what your child is doing online is to ask them to tell you about what they do and what sites they like to visit. If
 they’re happy to, ask them to show you. Talk to them about being a good friend online.

Put Yourself In Control
•Install parental controls on your home broadband and any internet-enabled devices. Set up a user account for your child on the main device
 they use and make sure other accounts in the household are password-protected so that younger children can’t access them by accident.

Stay Involved
•Encourage them to use their tech devices in a communal area like the lounge or kitchen so you can keep an eye on how they’re using the
 internet and also share in their enjoyment.

Talk To Siblings
•It’s also a good idea to talk to any older children about what they’re doing online and what they show to younger children. Encourage them to
 be responsible and help keep their younger siblings safe.

Search Safely
•Use safe search engines such as Swiggle or Kids-search. You can save time by adding these to your ‘Favourites’. Safe search settings can also
 be activated on Google and other search engines, as well as YouTube.

Check If It’s Suitable
•The age ratings that come with games, apps, films and social networks are a good guide to whether they’re suitable for your child. For
 example, the minimum age limit is 13 for several social networking sites, including Facebook and Instagram. Although sites aimed at under-
 10s like Moshi Monsters and Club Penguin also have social networking elements.

Use Airplane mode
•Use airplane mode on your devices when your child is using them so they can’t make any unapproved purchases or interact with anyone
 online without your knowledge
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Know The Social Media Applications – How old do you have
                        to be?

   13                14           16              17             18
 NOTE! Most, if not all of these platforms have private messenger services which
                   could be available as separate applications
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
Cyber Security and E-Safety Event - 23 January 2019 - Smart ICT 4 Schools
• Is seeing always believing?
Summary
• Take an interest in your child’s online activity, ask them to show you
  what they’re doing and who they’re talking to

• Have agreed times for online activities

• Encourage your children to do something different away from the
  internet (vary their activities)

• Try to keep your child's online activity in your view e.g. main living area
  of your home

• Make sure you have security installed on your connected devices

• Be aware that not everybody online is who they say they are
Useful Sites
• https://www.thinkuknow.co.uk

• https://www.internetmatters.org

• https://www.nspcc.org.uk/preventing-abuse/child-abuse-and-
  neglect/online-abuse

• https://www.ceop.police.uk/safety-centre/

• https://www.kidpower.org

• https://www.gov.uk

• http://www.safetynetkids.org.uk

• https://www.getsafeonline.org/safeguarding-children/
Cyber Security
       Presented by:

         Dave Cox
     Security Manager
  East Riding of Yorkshire
Cyber Security
                        Agenda
• Motivation of cyber-attackers
• Cyber Threats facing Schools
• Motivation of cyber-attackers
• Impact of a cyber breach
• Assessing current cyber risk, can this be reduced?
• Cyber questions you should be asking your IT dept /
  supplier
• Continuous Journey
Motivation of a cyber-attacker
• What makes our school an appealing target?
• Hackers could see teachers and parents as a “soft target” since they
  are often ill-equipped to deal with cyber thefts, while sensitive data
  held by schools - such as children’s medical records - are lucrative
  on the dark web.
• Schools hold interesting information and often quite sensitive
  information. That means they are a target.
• There has been certainly an increase in ransomware and malware
  attacks. Hackers are looking for any opportunity they can exploit,
  they are looking for soft targets.
• Not all attacks however are targeted
Cyber Threats facing Schools
•  Phishing
   Phishing emails are messages that appear to come from trustworthy sites or
   figures of authority attempting to get the recipient to send personal or financial
   information.
• Ransomware
  Education is a sector that is regularly targeted with ransomware:
   Fortinet 2017)
          5.9% of government organisations
          3.5 % of healthcare organisations
          13% of educational institutions
• Ransomware is a form of malware that encrypts files until a ransom has been paid
   and is typically disseminated through malicious links or attachments to emails,
   which is why schools should employ a secure email gateway.
• Distributed denial of service (DDoS)
   DDoS attacks are used to halt operations by flooding a school’s bandwidth with
   requests, causing the system to slow or crash, thereby keeping students, staff, and
   faculty from accessing the network. As schools have increased their digital, DDoS
   attacks have the ability to hamper every aspect of online operations.
Impact of a breach
• What are your “crown jewels”?
• What are the potential impacts if our “crown
  jewels” were accessed by a cyber-attack?

         How likely is a breach?
  • When, not if !
What is the current level of cyber-risk and
          can this be reduced?
•   Take Ownership at Senior Level:
•   Establish a strong online perimeter:
•   Update content filters, constantly:
•   Establish solid access control policies:    Technic
•   Ensure secure configuration and patch          al
                                                control
    management:                                    s
                                                 Policy
•   Monitoring and incident management:         Control
                                                   s
                                                Physica
•   Invest in cybersecurity and online safety      l
                                                Control
    education:                                     s
•   Don’t forget physical security              Data &
•   Consider personal devices:                  Assets
Cyber Questions you should be asking
•   How will data be backed up, will this be encrypted? Where will data be stored?

•   Will regular vulnerability tests be conducted?

•   Are your systems and devices patched and licensed correctly

•   Who has access to the data and do the control mechanisms in place meet your
    IT security policy or standards?

•   What recovery arrangements are in place in the event of an IT infrastructure
    incident?

•   Are your staff cyber aware?

•   Do you enforce secure passwords, are users reviewed regularly?

•   What is the Anti-Virus and Anti-Malware product used on your devices
Continuous Journey
• IT security is a never
  ending journey
                               PLAN    DO
• Technical, Physical and
  Policy controls are
  required to mitigate risks
                               ACT    CHECK
• Prevention is a goal,
  Detection is a must
SmartICT4Schools Partnership Website:

www.SmartICT4Schools.com
You can also read