an image of a laptop and other electronic devices

Cyber Security is a critical consideration for schools, as they hold a wealth of sensitive information about pupils and staff. Here are the top ten things that schools should implement for Cyber Security:

In no particular order…

a black and white photo of a clock tower Regular training for staff and students

Well-trained staff and pupils are the first line of defense against cyber threats. Schools should provide regular training sessions on best practices for cyber security, such as how to identify phishing emails and how to create strong passwords. As a minimum, staff and at least one governor should watch this video.

a black and white photo of a clock tower Network security

Schools must have secure networks to protect sensitive information. They should invest in firewalls, intrusion detection systems, and regular network scans to identify vulnerabilities.

a black and white photo of a clock tower Access control

Access control is critical to ensuring that only authorised users can access sensitive information. Schools should implement strong authentication mechanisms, such as long complex passwords and multi-factor authentication, to ensure that only authorised users can access the network. We also recommend the use of Password Managers instead of saving passwords in the browser. Click here to discover why saving passwords in the browser poses a security risk.

a black and white photo of a clock tower Data backup and recovery

A requirement of the DfE Cyber Security Standards and the RPA Cover – Schools must have a data backup and recovery plan in place to protect against data loss in case of a cyber attack or natural disaster. Regular backups should be performed and tested to ensure that data can be recovered in a timely manner.

a black and white photo of a clock tower Anti-virus and anti-malware software

Schools must have up-to-date anti-virus and anti-malware software installed on all devices connected to the network. Regular scans should be performed to detect and remove any potential threats.

a black and white image of a lock Encrypted communication

Schools should implement encryption for all sensitive communications, including email and messaging platforms. This will help to protect information from interception by unauthorised individuals. This should form part of the schools’ Data Loss Prevention strategy.

a black and white photo of a clock tower Incident response plan

Schools should have an incident response plan in place to handle any cyber security incidents that may occur. The plan should include steps for detecting and containing the incident, notifying the appropriate parties, and restoring normal operations.

a black and white photo of a clock tower Web filtering and content monitoring

A key requirement of Keeping Children Safe in Education 2022 – Schools should implement web filtering and content monitoring to ensure that pupils and staff are not accessing inappropriate or dangerous websites.

a black and white photo of a clock tower Patch management

Schools should ensure that all software and devices connected to the network are up to date with the latest security patches.

a black and white photo of a clock tower Cloud security

It’s a popular misconception that your data is backed up in the cloud. Schools that use and rely on cloud services should ensure that their cloud service providers have adequate security measures in place and should implement backups and additional security such as anti-spam & anti-malware as required.

In summary, schools must take a proactive approach to cybersecurity to protect sensitive information and prevent cyber attacks. By implementing the ten measures outlined above, schools can significantly reduce the risk of a cyber attack and ensure the safety of their staff and pupils.