Staff portal: Cyber security

Schools are increasingly becoming targets of cyber security hacks. In one case, hackers accessed a school’s system via a link in an email and held all of the information saved on their system to ransom for £100,000. In other cases, hackers have spoofed a user’s email address to ask their School Business Manager to change their bank account details, diverting their pay from the genuine bank account to the hackers’ account.

We are continually reviewing and improving our internal cyber security processes to help all of our systems stay secure, but we also need every individual working in school to take responsibility for the security of their own information. There are a number of very quick, easy things you can do right away to prevent you becoming a target or a victim of hacking.

If you have any questions or concerns about your passwords or security in general, please email Kyra, who will be happy to help.

Office 365 / email passwords

From Monday 14th February 2022, everybody whose Office 365/email password is older than 90 days will be asked to reset their password. If your password is older than 90 days on 14th February, you will be asked to change your password. We strongly recommend that your change your password as soon as you are able to, if you think this applies to you.

When this new policy is implemented, the requirements for passwords will also be stricter than they have been in the past:
• Be a minimum of 8 characters and a maximum of 256 characters
• Requires three out of four of the following:
– Lowercase characters
– Uppercase characters
– Numbers (0-9)
– Symbols
• The last password can’t be used again when the user changes a password
• Password cannot contain the username

Going forward from 14th February, you will be given 14 days’ notice that your password is due to expire.

If you have any questions about how to reset your password, please contact Soft Egg, who will be able to help you. Please do not contact your School Business Manager or admin teams, who are already working beyond capacitys, who are already working beyond capacity.

How to set strong passwords >

Reset your Outlook password >

Secure passwords

Do not use the same password for any systems in school that you use outside of school. If your password gets stolen or leaked from your personal email address, it is much easier for it to be used to access school systems. If you are using the same password in school at the moment, please change it urgently

Do not use the same password for more than one system. If you are using the same password to log in to your laptop, log in to your emails, and log in to SIMS then you are making the hackers’ lives 3 times easier! Please use one, strong password for each system you use inside school

Do not set a password to match a username. If a hacker accesses a username, and it matches the password, then they are in! Make sure your passwords are unique to each other, and any usernames you have

How to set strong passwords >

Reset your Outlook password >

Phishing emails

We have received emails into our school offices from individuals pretending to be Lyssy, and asking us to make purchases on her direction. These emails were sophisticated, and used the names of the individuals they were sent to. 

Through the diligence of our office staff, the emails were not acted on and were reported.

In light of this, we require all staff to maintain their vigilence regarding phishing attempts. We now have a red EXTERNAL EMAIL flag on all emails that are sent from outside our organisation. If you receive an email where the sender’s name is internal (eg Lyssy) but the email has that flag on it, then be wary! You will NOT get that flag on any emails that have been sent internally, by someone using their legitimate work email address – even if they are using their iPad or mobile to send the email. The flag is generated by the email address used to send the email and not the device used.

If you receive an email that you are not sure about, send Kyra a screenshot (don’t forward the email!) or call the person the email says it is from. No one minds taking the time to check these things out, or for something to take a bit longer to be actioned, if we are making sure it is a valid request.

Scanning QR codes >

Think before you link

Be careful with links. Please make sure that you are certain a link is safe before clicking on it. If you’re not certain, don’t click on it or forward it. Ask your School Business Manager or Computing Lead to look at the link with you to make sure it is safe. The majority of hacking occurs through dodgy links that have been clicked on inadvertently, so you must take care to be vigilant. The video in the ‘Useful Resources’ section is only 2 minutes long, and gives some very simple and clear advice on what to look out for in emails. Please take a moment to watch it.

Spear fishing video >

Training for school staff

School staff are a critical part of a school’s IT security defence. The video on the right looks at what threats schools face and gives tips on good cyber hygiene that can help you improve your school’s cyber resilience.

Cyber security video >

Practical tips (poster) >

Practical tips (leaflet) >