Skip to main content

Online safety: cybercrime

Last updated on 11 January 2022

Hertfordshire Constabulary offers free Cybercrime training and awareness sessions to all Key Stage 3, 4 and 5 educational institutions. These sessions are delivered by Cyber Protect & Prevent Officers based in the county’s Serious Fraud & Cyber Unit (SFCU).

Sessions include some practical tips on how to protect you, your data and your school from cyber attacks online, be it a breach of your email, social media account through to phishing and social engineering attacks designed to manipulate you into clicking on a link or making a bad choice. We also touch on e-safety such as Privacy settings, online behaviours, and other cyber activity.

In addition to this, we deliver the NCA’s national Cyber Choices programme which aims to steer those susceptible to Cyber criminality away from it and make the right #CyberChoices before it’s too late. For more information, please visit:

National Crime Agency: CyberChoices

For Early Years / Key Stage 1 and 2, Barefoot Computing, in partnership with DfE, have developed a variety of lesson plans designed to be self-taught by teachers and education practitioners. These are available nationally at no cost and are recommended by the Regional Cyber Crime Unit (RCCU). For more information, please go to:

Barefoot Computing

Training staff, students and pupils

Hertfordshire Constabulary are keen to engage with your school. Sessions are free and typically last 50-60 minutes, but can be scaled to meet certain needs. We regularly deliver sessions to teaching staff, senior management teams, board of governors, parents and, crucially, the students. We’re especially keen for teaching staff to gain an understanding of #CyberChoices in order to understand the language, the signs and behaviours, so its option as a safeguarding route becomes business as usual. 

As of September 2021’s edition of Keeping Children Safe in Education (KCSIE), the Home Office and the DfE Safeguarding Team now refer to #CyberChoices as a resource which staff, such as the Designated Safeguarding Lead, can and should utilise. Refer to the section in KCSIE titled ‘Cybercrime’ in part of Annex B, ‘Further Information’.

The financial and human cost to your school

Cybercrime itself, either committed from within or against schools, is becoming common place causing devastation to schools, their reputations and their budgets; as such it’s imperative that schools take this threat seriously.

In March 2021, the National Cyber Security Centre (NCSC) increased its support to the Education sector after a significant rise in Ransomware attacks on the UK’s educational institutions. It only takes a few glances at the news headlines to see the devastation caused to both organisations and individuals as a result of a Cyber-attack or data breach. This could range from reputational damage due to the loss of sensitive data such as customer (students, parents and staff) information, major operational disruption and significant financial loss. The Information Commissioner's Office (ICO) has the power to fine organisations including schools (and indeed it does) for failing to protect personal and financial data.

The long-term damage can pose serious mental and physical health & safety concerns to both those responsible for safeguarding this data, as well as those who find their personal information shared online as a result of such a breach.

Who is targeting your school?

Schools, colleges and universities in Hertfordshire have been attacked online either via an outside threat with a view to disrupt, damage and extort; but increasingly now by insider threats - their own students. These attacks are not particularly sophisticated and could be as simple as stealing their teacher’s password from a Post-It note which they have left on their desk, through to taking advantage of a default password which the school’s IT Security policy which may not be fit for purpose. However, it can involve more complex techniques which students have learned.

The average age of a person who is arrested for a Cybercrime is 17 years old, with students as young as 8-9 coming to notice of the police for doing something illegal online. Do parents truly know what their kids get up to online, let alone understand the Cyber-jargon which they may communicate with? Nowadays Cyber criminality can be learned as easily as watching short online videos and before you realise it, our children are experts in this field, more so than the IT teachers who tutor them. 

Herts Police working in partnership with schools

The Police do not wish to criminalise children and students who are perhaps unaware that their online activity has such serious implications, sometimes criminal. Instead, we’d much prefer to Engage, Educate and Inspire via our #CyberChoices initiative. This cannot be addressed by law enforcement alone.

Do you truly know what goes on within your school’s computer network?

Do you have a robust Cyber policy for students and staff?

Are your staff aware of best practice online?

What do your students get up to in their Computer Science classes?

Are your teachers trained appropriately to deliver such classes?

What health warnings do you give your students for subjects such as the DarkWeb?

It’s imperative that as a society that those in education, care and support sectors start to “SpeakCyber” as though it was any other safeguarding concern. Whether well versed in Cyber/Digital or not, we must not ignore this very real threat. Don’t let your school be the next one to receive a fine by the ICO or be on front-page news for a Ransomware attack or data breach which could have been avoided through some simple steps.

If you would like to arrange talks for staff/students, please contact us via hertscyberprotect@herts.pnn.police.

 

First published 11 January 2022 - Last updated on 11 January 2022