Ofsted Reg. No: 108416
Early Years Practitioners: Using cyber security to protect the setting
Procedure update date: 15th September 2022
Updated by: Sonia Scott – Data Protection Officer Level 2 since Sep 2018
ICO registration number: A8384736
Early Years education and childcare settings, like most other work environments, are increasingly reliant on technology.
Smartphones, computers, laptops and tablets are a fundamental part of modern life. From online banking and shopping, to email and social media, to the ‘smart’ devices that monitor and protect our homes and work premises – it’s difficult to imagine how we’d function without them.
That’s why it’s more important than ever to take steps to protect these devices (and the data we store on them) from accidental damage, or from online criminals. And it’s also why cyber security is important to all of us. Cyber security is about safeguarding the devices we rely on, and protecting the services that all businesses, large and small, need to function.
Why does cyber security matter for LG practitioners?
For Little Graduates (LG) practitioners, cyber security also plays a role in safeguarding the children in our care. Good cyber security means protecting the personal or sensitive information we hold on these children and their families. The national Early Years legislation and advice and the Data Protection Act require us to hold confidential information and records about staff and children securely, and ensure these can only be accessed by those who have a right or professional need to see them (either physically or digitally/online).
We may not think it, but regardless of the size and nature of our setting, the information that we hold is of value to a criminal. And although they may not target our setting directly, it’s all too easy to be damaged by scam emails that cyber criminals send out indiscriminately to millions of businesses.
Cyber criminals will go after anybody, provided there’s money to be made. Even if you don’t lose money directly, a data breach (which is when information held by a business is stolen or accessed without authorisation) could cause temporary shutdown of the setting and reputational damage with the families we engage with. It could also leave us open to an investigation by the Information Commissioner’s Office (ICO).
This may all sound quite alarming, but there’s no need to panic. This guidance from the NCSC has been produced to help practitioners working in Early Years settings to protect the data and devices we probably use every day. It could save time, money and even the setting’s reputation.
Even if we think we’re not at risk, I’d encourage you to read the guidance. Following the four steps outlined below will reduce the likelihood of LG being a victim and will help you get back on your feet should the worst happen.
1. Back up your important information
2. Using passwords to control access to your computers and information
3. Protecting your devices from viruses and malware
4. Dealing with suspicious messages (phishing attacks)
- Find out more

1. Back up our important information
Think about how much you rely on technology to run our setting, and the information stored on our computers. This includes sensitive information about the children in our care, their families, staff records, family contact details in an emergency, and other highly personal information. There’s also business-critical data such as email, fee payments, banking and invoices.
Now imagine how long you would be able to operate without them.
It’s important to keep a backup copy of this essential information in case something happens to our IT equipment, or in the setting’s premises. There could be an accident (such as fire, flood, or loss), we could have equipment stolen, or a computer virus could damage, delete, or lock our data until a ransom is paid.
Start by identifying our most important information – that is, the information that LG couldn’t function without or that we’re legally obliged to safeguard. Make a backup copy ‘in the cloud’. Having made your backup, make sure you know how to recover the information from it. The INM Instant Nursery Management software and the Tapestry Journal include tools to help us do this, and this is run by the DPO (Data Protection Officer). For LG email addresses, contact our IT support, DPO or look online for instructions. To get you started, here are some ‘how-to’ guides for setting up cloud storage:
- Apple (iPhone, iPad and iPod Touch, and Mac)
- Google (Android)
- Microsoft (Windows 10) devices.
2. Using passwords to control access to our computers and information
When used correctly, passwords are an effective way to prevent anyone who’s not authorised from accessing our email accounts, our devices, and the data we store on them. This section outlines some things to keep in mind when using passwords.
Switch on password protection (or other ‘sign-in’ options)
Make sure that the devices in our setting (so laptops, PCs and tablets) require a password when you switch them on. If you’d rather not use a password, choose another method to ‘lock’ your device, such as a fingerprint, PIN, screen-pattern, or face recognition. If you need help doing this, I’ve included some links below:
- Sign-in options for Windows 10
- Sign-in options for Android
- Sign-in options for macOS
- Sign-in options for iPhone
Use strong passwords
Try to avoid using predictable passwords (such as dates, or family and pet names), and don’t use the most common passwords that criminals can easily guess (like ‘passw0rd’). To create a memorable password that’s hard for someone else to guess, you can combine three random words to create a single password (for example ‘dogtreecereal’).
It’s really important not to re-use the same password for all your different online accounts. In particular, use a strong and separate password for the nursery emails. If a hacker can access our mailbox, they could access information about our payments, invoices, children (and their families), as well as send emails pretending to be from Little Graduates nursery.
Look after your passwords
Of course, most of us have lots of online accounts, so creating different passwords for all of them (and remembering them) is difficult. However, to make this easier, you should:
1. Write all your passwords on the nursery form provided and keep it in a drawer safe (and away from your computer).
2. Let your browser save your passwords for you – it’s safe for you to save them when you’re asked, provided you’re OK with colleagues accessing the computer in our setting.
It’s safe to let browsers save your passwords.
If more than one person is accessing the nursery computer, you should ideally have different accounts, and different passwords for each practitioner. Where this isn’t possible, make sure you know who has access to our devices, who knows the password, and that the DPO and managing director are OK with this. Don’t write the password on a post-it that’s stuck to the computer, where anyone could access your details. For the same reasons, use a lock screen when you’re not at your desk, and make sure you change your passwords when a member of staff with access to the devices leaves the nursery.
Set up 2-Step Verification (2SV)
Many online accounts and services allow you to set up 2-Step Verification (2SV), which means that even if a hacker knows your password, they won’t be able to access our accounts. It usually works by sending you a PIN or code (often sent by SMS), which you’ll then have to enter to prove that it’s really you. If you’re given the option, it’s worth taking the time to set up 2SV on your most important accounts (like emails and banking) – it only takes a few minutes, and you’re much safer online as a result.
Communicating safely with our families (including social media)
If you send out newsletters, social media posts, Tapestry memos, website campaigns or any other communications that include photos or details of children in our care, make sure to verify we have a signed F5: Photograph consent. You should use the INM software by admin@lgmontessori.com or Tapestry, so only families who have been given the password can open them. Your DPO should also check the privacy settings across any social media accounts the nursery uses, so that only the child’s carers have access (the NCSC has published guidance to help us do this).
3. Protecting your devices from viruses and malware
Viruses are a type of malicious program that can harm devices such as computers and laptops. Once the nursery device has been infected, this malicious software (also known as malware) can steal our data, erase it completely, or even lock you out of the device.
Just like real-life viruses, computer viruses spread easily. Our devices can become infected by accidentally downloading an email attachment that contains a virus, or by plugging in a USB stick that is already infected. You can even get infected from a dodgy website that you’ve been tricked into visiting.
This section contains tips about how to protect our devices from the damage caused by viruses and other types of malware.
Turn on your antivirus product
You should always use antivirus software on the laptops and other computers in LG. It’s often included for free, so it’s just a matter of turning it on, and keeping it up to date. Most modern smartphones and tablets don’t need antivirus software, provided you only install apps and software from official stores such as Google Play and Apple’s App Store (talk with your DPO or IT support for advice).
Keep all Little Graduates IT devices up to date
Don’t put off applying updates to your apps and your device’s software. These updates include protection from viruses and other kinds of malware and will often include improvements and new features. Applying software updates is one of the most important things you can do to protect our devices. Update all apps and the device’s operating system when you’re prompted. You can also turn on ‘automatic updates’ in our device’s settings, if available. This will mean you do not have to remember to apply updates.
If you think a nursery device contains a virus (or any other type of malware), please contact immediately: DPO, managing director.
4. Dealing with suspicious messages: phishing attacks
‘Phishing’ emails are scam messages that try to convince you to click on links to dodgy websites, or to download dangerous attachments. The websites might try to trick you into giving sensitive information away (such as bank details, funding, number of children in the setting, staff number-records, parents’ data), and the attachments can contain computer viruses that will infect Little Graduates machines.
Many phishing emails are currently preying on fears of COVID-19, Ofsted Inspections, Council audits and so on, but criminals can also use other methods to trick you, such as sending text (SMS) messages, or by phone. However, the term ‘phishing’ is mainly used to describe scams that arrive by email.
This section describes how to spot the most obvious signs of a phishing email, and what to do if you think you’ve clicked a suspicious link.
Tips for spotting suspicious messages
Spotting scam emails is tricky, but things to look out for include:
✓ official-sounding messages about ‘resetting passwords’, ‘receiving compensation’, ‘scanning devices’ or ‘missed deliveries’
✓ emails full of ‘tech speak’, designed to sound more convincing
✓ being urged to act immediately or within a limited timeframe
The message will often claim to be from an authority figure (like a bank, Ofsted, Local Authority, or nursery organisation). If you have any doubts, contact your DPO or managing director. Don’t use the links or contact details in any messages you have been sent.
Help Little Graduates staff to spot unusual requests
Do colleagues and staff at LG know what to do with unusual emails or phone calls, and where to get help? Ask yourself whether someone impersonating an important individual (a parent, manager, or member of the local authority) would be challenged. Think about how you can encourage and support your staff to question suspicious or just unusual requests, even if they appear to be from important individuals. Having the confidence to ask ‘is this genuine?’ can be the difference between staying safe, or a costly mishap. Always contact the DPO or managing director if you have any doubts.
Reporting suspicious messages
If you receive a message from an organisation or person that doesn’t normally contact you, or if something just doesn’t feel right, please report it to your managing director or DPO. If you’ve received a suspicious email, forward it to admin@lgmontessori.com and risvanasheikh@googlemail.com
Find out more
For more information, please visit the NCSC website (www.ncsc.gov.uk). It’s full of information and guidance that will help you learn how to protect your data and devices. You might find the following sections particularly useful:
- Dealing with common cyber problems
- Cyber Aware (the government’s advice on how to stay secure online)