ROCU - National Cyber Protect Network - ANME Blog

ROCU - National Cyber Protect Network

Posted on: 19th Jun 2019 by: Andy Rawlinson

The UK Government recognises the significant threat from cyber crime to UK businesses, charities, individuals and the educational sector. As part of the national strategy to tackle the threat of cyber crime, the national Cyber Protect network has been created.

Led by the City of London Police and that National Police Chief’s Council, the Cyber Protect network exists to help organisations protect themselves from attack as well as offering advice as to how to be prepared to deal with an attack when it does happen.

We know the educational sector is hard hit by cyber crime. Budgets are often tight with restricted funding for both the technological solutions and user awareness training. While ICT support is often outsourced, many educational institutions retain their own staff but cost pressures may limit opportunities for continuing professional development. In the Cyber Protect role we have met a significant number of staff who go above and beyond in supporting their school or college and develop themselves despite these pressures.

The threat from cyber crime is not an ICT function alone. Cyber Security should better be thought of as a whole organisation function which the Senior Leadership Team should own. There should be a designated lead on Information Security, of which Cyber Security is a part. This should not be the same person as the ICT lead. There is often a clear conflict between the two roles. Cyber risks should feature as part of the risk register for the organisation.

We know from our experience that phishing attacks continue to be the origin of the majority of attacks, followed by and often coupled with poor security practices such as weak passwords, password re-use and the lack of 2 Factor or Multi Factor Authentication. The education sector is often a target because the criminals know that their ability to defend themselves and preparedness for attack is typically less than in business. The criminals often loiter in the network to perform reconnaissance and corrupt defences such as system backups, before launching their attack.

Case Study: Further / Higher Education College

A large further education college with several thousand students was subject of a ransomware attack which occurred at the start of half-term. Everything was encrypted – sadly including the backups which were on the network. Understanding of the impact was limited – systems including fire, alarm, CCTV and door entry were all network based and could not be readily isolated. A ransom was demanded of over £200,000. Ofsted gave the college an ultimatum – they had three weeks or they would be closed down. The college had no choice but to pay a sum of between £50,000 and £100,000. It has taken months to recover from the incident, reconsider network design and improve resilience against future attack.

The Cyber Protect network is delivered by Regional Organised Crime Units (ROCUs) and individual Police services across the UK. Cyber Protect Officers are available to support you in improving your protection from and preparedness for cyber attack – for free. We can provide Cyber Security activities such as the Lego based Decisions & Disruptions tabletop exercise for Senior Leadership Teams and Cyber Awareness presentations for staff – for free.

There are lots of free resources from the National Cyber Security Centre (NCSC) – the public face of the Government Communication HeadQuarters (GCHQ) including infographics, board toolkit for Senior Leadership, Small Business Guide (equally applicable to education) and the latest advice on threats, incidents and keeping secure.

NCSC also provide the Cyber Security Information Sharing Partnership (CiSP) where professionals can exchange cyber threat information in real time in a secure environment. Exercise in a Box is a set of free cyber resilience exercises to test how ready you are for a cyber incident – including a threat hunting exercise.

Cyber Essentials is a UK Government scheme to check you are taking cyber security seriously. There is a self-assessment process to ensure a baseline of technical controls. There is an optional accreditation process including a ‘Plus’ certification which includes independent verification by a Certification Body. Your organisation should consider whether those in your supply chain are taking cyber security seriously by looking for Cyber Essentials accreditation.

Finally – and on the back of experience in dealing with victim schools and college – we would encourage you to ensure:

  • RDP is either disabled or made as secure as possible… we see a large number of breaches in education through this route
  • 2FA or MFA is switched on for as many systems as possible – especially Office 365 as more organisations migrate to it. Office 365 phishing is widespread
  • Backups – ensure they are air-gapped and that you test restoration processes
  • Be prepared! Have a cyber incident response plan and test it!

NCSC Guidance:


Exercise in a Box:

Cyber Essentials:

NCSC Office 365 2FA:

Andy Rawlinson
Police Cyber Prevent Officer & Cyber Security Advisor


Testimonials from Members & Partners

  • “Fantastic event, with interesting content and very well organised.”

    Alain Squiteri, Sales Director - InVentry

  • I thought the day was excellent. It was really good to have the companies there and invaluable for meeting and speaking with new contacts. I really hope this carries on as it was desperately needed in our field.

    Janet Cannell, Member

  • We’re really proud to be ANME’s platinum sponsor. It’s such a great platform for school network managers to get together and share ideas, plus it provides us the opportunity to speak directly to schools using our solutions and get their feedback and input into new features. Every event is always different, with fantastic speakers providing real insight and ideas on all things edtech.

    Al Kingsley, Group Managing Director, NetSupport Limited

  • ANME meetings provide valuable networking - being able to talk to other professionals doing the same role and understanding their approach and their context. This is a great way to challenge what you are doing in your own setting.

    Neil Limbrick, ANME Ambassador

  • A fantastic online resource of like-minded professionals that you can use to bounce ideas off, chat things through, get advice from. Invaluable.

    Ric Turner, Balshaws Church of England High School

  • The ANME is a priceless resource for anyone working in an IT support role in the education sector. The online forum is lively and informative and the regular meetings provide insight into new products and valuable networking opportunities with peers from other establishments. I've lost count of the number of valuable conversations and helpful tips that I've had since becoming a member. If you've not been to a meeting before then try to attend the next one in your area, you won't be disappointed.

    Dave Leonard, ANME Ambassador and ICT Manager at Matthew Moss High School

  • The ANME has been a great resource when you're a lone IT manager, now you have friends going through the same obstacles as you, with plenty of advice and guidance.

    Michael Frost, ANME Member & IT Network Manager at Parkwood Hall Co-operative Academy

  • Being part of the ANME is like being part of a large corporate IT department, there's always someone you can ask for advice

    Paul Gillon, ANME Member & Network Manager at West Hill School, Stalybridge

  • ANME is like having a team of IT experts at my fingertips. It helps me keep up to date with the latest trends in IT education.
    Rick and the ANME members have always helped when I've needed extra guidance to make great IT decisions

    Clifford Fernandes, ANME Member & IT Manager at Claremont High School

  • I attended my first ANME regional meeting recently which was great. It was Informative, relevant and useful! Unlike some meetings I attend where you get one or two useful nuggets of information, but other bits have been added to the agenda as fillers. Glad to be a member of this group of like-minded individuals.

    Adam Hall, ANME Member & IT Operations Manager at Four Oaks Learning Trust