The Department for Education have released their updated Cyber Security Standards for schools and colleges
Having worked with the DfE on the draft of these, we are well placed to assist schools in making the necessary changes and improvements to meet the new standards.
You can read the full new cyber standards HERE but we have summarised them below:
- Protect all devices on every network with a properly configured boundary or software firewall
- Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date
- Accounts should only have the access they require to perform their role and should be authenticated to access data and services
- You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication
- You should use anti-malware software to protect all devices in the network, including cloud-based networks
- An administrator should check the security of all applications downloaded onto a network
- All online devices and software must be licensed for use and should be patched with the latest security updates
- You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site
- Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack
- Serious cyber attacks should be reported
- You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation
- Train all staff with access to school IT networks in the basics of cyber security
Some of our services which will help you meet the standards are shown below. Please get in touch for more information or a personalised quote.