Develop students cyber skills

The National Crime Agency (NCA) has partnered with Cyber Security Challenge UK (CSC UK) to give students free access to ‘CyberLand’ from 1st May 2020.
CyberLand is a virtual city which provides gamified modules teaching the fundamentals of cyber security such as firewall configuration and digital forensics. There are 16 interactive exercises which are suitable for 12-18 year-olds.

The resources are designed around the concept of protecting ‘CyberLand’ from a cyber-attack and can be accessed here:

A key aim of this initiative is to provide a safe environment for young people to develop their cyber skills whilst mitigating the risk of them inadvertently committing cyber crime offences.

These exercises will be free to access over the coming months to those who wish to develop cyber skills.

The CyberLand Product also contains a module on the Computer Misuse Act 1990, which aims to educate the target audience on the laws governing the cyber landscape. It also signposts them to more positive pathways such as opportunities linked to their digital skills.

These resources should not be regarded as appropriate only to students who are interested in computer science, IT or related subjects. The level of access to ‘CyberLand’ is set to ensure broad appeal and engagement.

It would be appreciated if you could circulate this to schools and if appropriate, directly to students.

Zoom- Important Safeguarding Update

Janet CSIRT would like to bring to your attention some recent reports in relation to Online Video Conferencing Platforms we have seen.  Due to the restrictions related to Covid-19, the use of online video conferencing has seen a significant increase and understandably, organisations are trying to facilitate as many of their previous services and interactions in an online format.  However, as with many good intentioned endeavors to include as wide an audience as possible, the opportunity for exploitation exponentially increases with it.  We are aware of "Zoom" meetings being specifically targeted by malicious ‘raiding’ groups and so this information should be considered when using such software.

Many conferencing platforms offer the opportunity to host meetings without the need for any other verification other than the link or meeting ID number. In efforts to appeal and incorporate as many individuals as possible, such Meeting ID and Links are publicly shared.

We have received reports over the last few days alerting us to Video Conferences which have been joined by individuals whose sole intent is to cause disruption and distress and upon joining a video conference have then proceeded to display indecent, potentially illegal imagery to the other participants which could constitute an offence under Section 1(1)(b)of the Protection of Children Act 1978.

Therefore we would suggest that you consider cascading the following points and sources of advice to any organisation individuals that may be responsible for hosting/arranging online conferencing in order that requisite safety precautions can be implemented to minimise the risk of such occurrences becoming more widespread.
 

* Ensure that Meeting Passwords are required to join and that they are not published in an uncontrolled manner.

* Don’t use social media to share conference links as malicious groups can search social media for these meeting ID/links.

* Use the “Waiting “Room” feature to have participants wait until the host arrives and vet participants prior to entering the meeting.

* Limit screen-sharing ability to the host. Using the host controls at the bottom.

* Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics, GIFs, memes and other content.

* Disable private chat: Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat amongst one another.  This is really to prevent anyone from getting unwanted messages during the meeting

*Allow only signed-in/Registered users to join: If someone tries to join your meeting and isn’t logged into a Zoom account, they will receive the message ‘This meeting is for authorised attendees only’.

*Zoom meeting host logging does have IP logging that can record attendees and that IP data can be used to report abuse.

Below are some further sources which detail some of the points listed above:-

https://www.kaspersky.com/blog/zoom-security-ten-tips/34729/

https://www.ucop.edu/local-it-client-services/_files/security-tips-on-sharing-zoom-meeting-links-and-zoom-settings.pdf

https://www.ncsc.gov.uk/guidance/video-conferencing-services-security-guidance-organisations


If anyone has any further information or would like some additional advice then please contact Jisc at  This email address is being protected from spambots. You need JavaScript enabled to view it. or us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Online Learning - Learning Lessons from Others

As teachers, pupils and parents begin to adjust to what is to become the new normal of distant learning we though we'd share some of the early lessons that we are learning from schools and homes across the country.

Schools across the country have taken very different approaches to distance learning with some providing homework type tasks and others embrassing a range of technology to provide interactive live streaming teaching. For most schools it has been a case of doing the best they can with what is available. 

Examples of good practise:

  • Teachers and senior leaders modelling appropriate behaviour
  • Having fun and making the day a little bit brighter. Do something to make people smile. A colleague of mine in the West Midlands has his team attend video calls wearing hats! 
  • Have a virtual coffee break - all staff join a scheduled conference call/ skype/ google hangout once a day just to chat, share ideas, celebrate sucesses and check in on each other
  • Utalising the wealth of subscription services that are offering free access at this time. We have listed some here
  • Teachers utalising video tutorials - all the major online services have 'how to' videos mostly hosted on YouTube
  • Providing pupils with activities that can be done on a smart phone - for example Google forms are quick and easy to build allowing multiple choice, short free text and long free text answers amongst others. Forms can be shared via email or a weblink. Pupils can respond using a smart phone. And responses are collated for you. Tutorial here
  • Providing parents of early years children with ideas for 'real' things to do - ie treasure hunts, easy crafts, sensory play activities, maths activities, science activities
  • Keeping in contact with pupils via school website
  • Sharing online safety advice with parents/pupils
  • Reminding parents that this is about home learning not home education. 

Commmon issues:

  • Capacity can be a problem
    • A number of online services have experienced downtime during to high volumes of traffic
    • Some Apps not updating in real time leading to pupils appearing to be late posting their work
    • Individual teachers being inundated with emails from parents all asking substancially the same questions. If teachers have access to the school Twitter ccount culd they tweet out responses to common questions?
    • "Teachers being expected to fly a plane that is still being built". Sir Jim Knight. Too much is being asked of teachers who are strugging to deal with new ways of teaching whilst supervising their own children and worrying about buying toilet roll! This also applies to head teachers, parents and pupils!
  • Technology
    • School kit not up to the job
    • Broadband too slow - Contact us at the email below. we might be able to help
    • Satff not able to access the school network - If you are an E2BN? Internet4schools we will set up a school VPN free of charge to enable staff to access the school network. Contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.
    • Not all pupils having access to suitable technology at home. Not every family will have a laptop per child (especially if mum or dad are working from home), or a printer or a scanner. But most of them will have a smart phone. Design onlearning that can be done using a smart phone.

Dubious practise

  • Launching a new online learning environment at this time.
  • Expecting teachers to use their personal email adddresses/ social media accounts to communicate with parents/pupils.
  • Asking teachers to complete a detailed diary of what they have done during the day
  • Embracing the technolgy without considering the safeguarding issues 
    • Live streaming/video conferencing - what's in the background? Is the video feed of children being recorded?
    • Not having and following a clear school online safety policy
    • Forgetting about pupil and staff well-being
  • Providing lesson activities that pupils have to download, print out, scan or photograph and then upload. Not everyone has the technology to do this and ink is expensive! 

Coronavirus & E2BN/ Internet4schools

E2BN/ Internet4schools will continue to operate during this Corvid 19 outbreak. At the moment the E2BN office is still open and, subject to access,we are continuing to carry out broadband installations. 

In the event of us being required to close the office we will maintain telephone and email support for all of our customers.

In addition we are:

  • Providing free learning resources accessible from home and schools from E2BN. Click here for more information.
  • Enabling free secure and appropriate remote access to school networks for staff. Send your request to This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Sharing up to date advice and links to other relevant organisations and sources of key information.
  • Providing advice on online services that are suitable for remote learning.
  • Providing safeguarding advice to schools and families about remote learning.
  • Telephone and email technical support for our broadband and filtering customers.

Stay safe everyone!

Are you ready for the cybercriminals?

You’ll all have seen the banks’ adverts about cyber fraud and some of you will have been the victim of online fraud yourselves, but did you know that schools also fall prey to cybercrime?  In fact, cybercriminals are increasingly seeing schools as soft targets! Think about the volume of emails that schools get and how busy everyone is and how little training you have had on preventing cybercrime. (Any training you had on GDPR probably didn’t spend much time on phising, ransomware or DDOS attacks!)

The good news is that like most things a little training goes a long way and that the NCSC (National Cyber Security Centre) has produced an online tool that can help you upskill your staff.

Exercise in a Box is an online tool which helps organisations test and practise their response to a cyberattack. It is completely free and you don’t have to be an expert to use it.

The service provides exercises, based around the main cyber threats, which your organisation can do in your own time, in a safe environment, as many times as you want. It includes everything you need for setting up, planning, delivery, and post-exercise activity, all in one place.

To use Exercise in a Box you need to register for an account. This enables us to provide you with a tailored report, helping you identify your next steps and pointing you towards the guidance which is most relevant for your organisation.

Once you have registered, you set your profile, pick your exercise(s), and download the materials.

Exercise in a Box is free and very easy to use. You don’t need to be an ‘expert’ to run the sessions for you but if you don’t feel that anyone in school could manage the session we are happy to provide a trainer to assist. We’d also be happy to include Exercise in a Box in one of our online safety sessions. Contact This email address is being protected from spambots. You need JavaScript enabled to view it. for more information

Page 2 of 3

Latest from the Blog