
Who remembers reading the Roger Red Hat or Billy Blue Hat books? With my rose-tinted glasses they were great stories during my infant school years. Maybe these days the stories need to be about Wesley White Hat and Brian Black Hat – Hackers or Cyber Attackers gaining access to our computer systems? Wesley White Hat would gain access to networks, hardware or software, discover the breaches and tell the network owner how to solve them. Brian Black Hat is much more of a concern and gains access for personal gain. Both could be joined by Script Kiddies, opportunistic and unskilled characters using automated software tools to gain access to computer systems. These stories would have to include a superhero or Cyber Defender (enter stage left the IT Network Manager or SBM) using all the tools at their disposal to prevent the breaches. They need to get it right every single time, whereas a Cyber Attacker needs to get it right just once. And the Cyber Attackers do get it right: according to the Department for Digital, Culture, Media & Sport this year, 43% of small businesses and 72% of businesses with incomes in excess of £5 million have reported cyber security breaches.
Titles in the series of books following the adventures of Wesley White Hat and Brian Black Hat could include:
- CEO Fraud
- Phishing, Pharming, Vishing and Smishing
- Social engineering
- Fraud – online and invoice
- Ransomware
- Rogue staff
- Whaling
No doubt there will be additions to the series in the future as Brian Black Hat thinks up more calculating ways to attack the cyber security of innocent individuals, businesses, organisations and schools.
Yesterday I attended a Fraud Risk event which featured lecturers from the local college and cyber fraud experts from Lloyds Bank and South West Regional Cyber Crime Unit. I found it truly fascinating / scary / inspiring and informing. Take a look at https://www.lloydsbank.com/business/security.asp for more information about how you can protect yourself against cyber fraud. How do you know this link is secure though? Don’t worry, the https is the indicator, and so is the padlock icon. Be mindful though that the first page in any website might be secure but subsequent pages might not be, which is especially important when inputting credit card details. Is your own school website secure?
Other websites have advice about how to be safe online, including https://getsafeonline.org/ – maybe share it with staff and your own families, especially elderly parents who can be targeted relentlessly by fraudsters online and via the phone. My poor parents have 3 or 4 calls a day from fraudsters telling them their internet has been compromised or their bank wants to make a payment to them or that one of their utility companies needs to pay them a refund. So far they’ve spotted the caller’s true intent; they have applied some pragmatic paranoia and asked themselves “is this caller really who they say they are?” Sadly others are too trusting. The fraudsters use our natural instinct to trust against us. Anyone really can become a victim of a cyber attack.
Will Smart, NHS Chief Information Officer, says “Cyber is a culture, attitude and leadership issue”. Have you discussed cyber security at your SLT? So what tools are in your school’s Cyber Defender’s toolbox? What training do you provide your staff? Only 20% of businesses have had any cyber security training in the last 12 months and yet generally it is the human factors which are the weakest link in cyber security. Either individuals don’t understand what a cyber attack looks like or they do not take any action to prevent the spread of the attack.
Really sorry if I’ve overwhelmed you with something else to think or worry about. There is support out there, but make sure you get it from the right people! The National Cyber Security Centre provides 10 steps to cyber security at https://www.ncsc.gov.uk/. Some schools are applying for the Cyber Essentials certificate or Cyber Essentials Plus certificate as these demonstrate to their suppliers and customers that they take their cyber security seriously – have a look at https://www.cyberessentials.ncsc.gov.uk/. If your IT support isn’t in house, as is the case in many primary schools, have a conversation with your IT support provider about cyber security. Ask them about their patching policy. What’s their breach management process? Do they have any cyber security credentials? Start talking to them about how the school’s cyber security can be improved, then of course update your risk register…
Back in the early 1980s, when I was reading about Roger Red Hat and Billy Blue Hat, times were definitely more innocent and password free for me, untouched by cyber attackers; I definitely didn’t have a home computer then! Hiding in the past or leaving it to someone else to become a Cyber Defender is not an option; we all need to be aware and continue to champion cyber security, as Tim Cook, Apple CEO, says:
“in the world of cyber security the last thing you want is to have a target painted on you.”
Helen Burge
Academy Business Leader