Cyber Security and E-Safety Event 23 January 2019

Presented in Partnership with

East Riding of Yorkshire Council & KCOM

East Riding KCOM Paul Johnston, ICT Manager Terry Kent, Product Manager David Cox, Security Manager Leanne Gill, Account Manager Sue Bottomley, School ICT Support Team Leader

Internet Safety Guidance

Presented by:

Terry Kent Product Manager (Internet Security)

KCOM

• Introduction

• Official Facts & Stats

• Internet Safety Checklist For Young Children

• Social Media – Know The Rules!

• The Power Of Image

• Sexting

• Who to contact if you are concerned about your child’s online activity

• Useful and important links

Agenda

Information provided in this document is provided by the NSPCC & internetmatters.org

Official Facts & Stats

31% of 7-11’s said

mean comments stop them enjoying time

online

(internetmatters)

Internet Safety Checklist for young children

•Be clear what your child can and can’t do online – where they can use the internet, how much time they can spend online, the sites they can visit and the type of information they can share. Agree with your child when they can have a mobile phone or tablet

Agree Boundaries

•The best way to find out what your child is doing online is to ask them to tell you about what they do and what sites they like to visit. If they’re happy to, ask them to show you. Talk to them about being a good friend online.

Explore Together

•Install parental controls on your home broadband and any internet-enabled devices. Set up a user account for your child on the main device they use and make sure other accounts in the household are password-protected so that younger children can’t access them by accident.

Put Yourself In Control

•Encourage them to use their tech devices in a communal area like the lounge or kitchen so you can keep an eye on how they’re using the internet and also share in their enjoyment.

Stay Involved

•It’s also a good idea to talk to any older children about what they’re doing online and what they show to younger children. Encourage them to be responsible and help keep their younger siblings safe.

Talk To Siblings

•Use safe search engines such as Swiggle or Kids-search. You can save time by adding these to your ‘Favourites’. Safe search settings can also be activated on Google and other search engines, as well as YouTube.

Search Safely

•The age ratings that come with games, apps, films and social networks are a good guide to whether they’re suitable for your child. For example, the minimum age limit is 13 for several social networking sites, including Facebook and Instagram. Although sites aimed at under-10s like Moshi Monsters and Club Penguin also have social networking elements.

Check If It’s Suitable

•Use airplane mode on your devices when your child is using them so they can’t make any unapproved purchases or interact with anyone online without your knowledge

Use Airplane mode

Know The Social Media Applications – How old do you have to be?

13 14 16 17 18

NOTE! Most, if not all of these platforms have private messenger services which could be available as separate applications

• Is seeing always believing?

Summary

• Take an interest in your child’s online activity, ask them to show you what they’re doing and who they’re talking to

• Have agreed times for online activities

• Encourage your children to do something different away from the internet (vary their activities)

• Try to keep your child's online activity in your view e.g. main living area of your home

• Make sure you have security installed on your connected devices

• Be aware that not everybody online is who they say they are

Useful Sites • https://www.thinkuknow.co.uk • https://www.internetmatters.org • https://www.nspcc.org.uk/preventing-abuse/child-abuse-and-

neglect/online-abuse • https://www.ceop.police.uk/safety-centre/ • https://www.kidpower.org • https://www.gov.uk • http://www.safetynetkids.org.uk

• https://www.getsafeonline.org/safeguarding-children/

Cyber Security

Presented by:

Dave Cox Security Manager

East Riding of Yorkshire

Agenda • Motivation of cyber-attackers

• Cyber Threats facing Schools

• Motivation of cyber-attackers

• Impact of a cyber breach

• Assessing current cyber risk, can this be reduced?

• Cyber questions you should be asking your IT dept / supplier

• Continuous Journey

Cyber Security

• What makes our school an appealing target?

• Hackers could see teachers and parents as a “soft target” since they are often ill-equipped to deal with cyber thefts, while sensitive data held by schools - such as children’s medical records - are lucrative on the dark web.

• Schools hold interesting information and often quite sensitive information. That means they are a target.

• There has been certainly an increase in ransomware and malware attacks. Hackers are looking for any opportunity they can exploit, they are looking for soft targets.

• Not all attacks however are targeted

Motivation of a cyber-attacker

• Phishing Phishing emails are messages that appear to come from trustworthy sites or figures of authority attempting to get the recipient to send personal or financial information.

• Ransomware Education is a sector that is regularly targeted with ransomware:

Fortinet 2017) 5.9% of government organisations 3.5 % of healthcare organisations 13% of educational institutions • Ransomware is a form of malware that encrypts files until a ransom has been paid

and is typically disseminated through malicious links or attachments to emails, which is why schools should employ a secure email gateway.

• Distributed denial of service (DDoS) DDoS attacks are used to halt operations by flooding a school’s bandwidth with requests, causing the system to slow or crash, thereby keeping students, staff, and faculty from accessing the network. As schools have increased their digital, DDoS attacks have the ability to hamper every aspect of online operations.

Cyber Threats facing Schools

Impact of a breach

• What are your “crown jewels”?

• What are the potential impacts if our “crown jewels” were accessed by a cyber-attack?

How likely is a breach?

• When, not if !

What is the current level of cyber-risk and can this be reduced?

• Take Ownership at Senior Level: • Establish a strong online perimeter: • Update content filters, constantly: • Establish solid access control policies: • Ensure secure configuration and patch

management: • Monitoring and incident management: • Invest in cybersecurity and online safety

education: • Don’t forget physical security • Consider personal devices:

Technical

controls Policy

Controls Physical

Controls

Data & Assets

Cyber Questions you should be asking

• How will data be backed up, will this be encrypted? Where will data be stored?

• Will regular vulnerability tests be conducted?

• Are your systems and devices patched and licensed correctly

• Who has access to the data and do the control mechanisms in place meet your IT security policy or standards?

• What recovery arrangements are in place in the event of an IT infrastructure incident?

• Are your staff cyber aware?

• Do you enforce secure passwords, are users reviewed regularly?

• What is the Anti-Virus and Anti-Malware product used on your devices

• IT security is a never ending journey

• Technical, Physical and Policy controls are required to mitigate risks

• Prevention is a goal, Detection is a must

Continuous Journey

DO

CHECK ACT

PLAN

SmartICT4Schools Partnership Website:

www.SmartICT4Schools.com