As schools increasingly rely on technology to support teaching and learning, it is essential to prioritise cyber security to ensure the safety and privacy of pupils, staff and data.
In response to this need, the Department for Education (DfE) published their Cyber Security Standards that schools should meet to protect their networks from cyber threats. The standards cover a wide range of topics, including protecting devices and accounts, conducting backups, and reporting serious cyber attacks.
We can help your school exceed these standards and maintain a high level of cyber security. We can provide tailored solutions to ensure that your school’s network is secure and that you are in compliance with the DfE’s Cyber Security Standards.
The standards are listed below:
Protect all devices on every network with a properly configured boundary or software firewall
Network devices should be known and recorded with their security features enabled, correctly configured, and kept up-to-date
Accounts should only have the access they require to perform their role and should be authenticated to access data and services
Controlling access to data and services is crucial to maintaining cyber security in your school. We can help you set up user accounts and ensure that users have only the necessary access to perform their duties. With our help, you can protect your data and services from unauthorised access and maintain a high level of security in your school.
You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication
An administrator should check the security of all applications downloaded onto a network
Checking the security of all applications downloaded onto your network is crucial to maintaining your school’s cyber security. We can help you check the security of all applications that are downloaded onto your network. We will conduct a thorough review of each application to ensure that it meets the security standards. With our help, you can maintain a secure network and protect your data from potential threats.
Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack.
Having a business continuity and disaster recovery plan in place is essential to maintaining your school’s cyber security. We can help you create a plan that includes a regularly tested contingency plan in response to a cyber attack. We will work with you to identify potential threats and create a plan that outlines the steps you need to take to ensure business continuity in the event of a cyber attack. We will also help you regularly test your plan to ensure that it is effective and up-to-date.
Serious cyber attacks should be reported
You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation
Train all staff with access to school IT networks in the basics of cyber security
Training your staff in the basics of cyber security is essential to maintaining a secure network in your school. At our cyber security firm, we can provide cyber security training to all staff members who have access to your school’s IT networks. This includes how to recognize potential threats and phishing scams and how to protect against them. With our help, you can ensure that all staff members are equipped with the knowledge they need to maintain a secure network and protect your school’s data.
Cyber security is an essential aspect of maintaining a safe and secure school environment. Following the DfE’s Cyber Security Standards is crucial to protecting your school’s network from cyber threats. We can help you exceed these standards by providing tailored solutions to protect your devices, accounts and data. We can also help you create backups, develop a business continuity and disaster recovery plan, and train your staff in the basics of cyber security. With our help, you can ensure that your school is protected from potential threats and that your students, staff, and data are safe and secure.
Contact us today for more information.
Print your certificate of achievement
Congratulations on watching the video. Please enter your name below and press submit to create a certificate to show you have completed this requirement.
Frequently Asked Questions:
The first point of contact should be the school’s designated Data Protection Officer (DPO), if they have one. If the school does not have a DPO, they should contact their local Regional Cyber Crime Unit (RCCU) or the National Cyber Security Centre (NCSC).
Regional Cyber Crime Units (RCCUs) are a network of police units that work together to combat cyber crime in the UK. They provide advice and guidance to businesses and individuals who have been the victim of a cyber crime, including schools.
The Regional Cyber Crime Unit (RCCU) for the East Midlands is part of the East Midlands Special Operations Unit (EMSOU). The RCCU works to combat cyber crime in the region by providing advice, guidance and support to individuals and businesses, including schools, that have been the victim of a cyber crime.
To contact the RCCU for the East Midlands, schools can call the non-emergency police number 101 and ask to be put through to the RCCU. Alternatively, they can visit the EMSOU website and click on the “Report a Cyber Crime” button to fill in an online form.
It’s worth noting that if the school believes the incident is an emergency, they should call 999 immediately. If the school has a designated Data Protection Officer (DPO), they should also be informed of the incident as soon as possible. The DPO can then liaise with the RCCU on behalf of the school, if necessary.
The National Cyber Security Centre (NCSC) is part of the UK government’s intelligence and security organisation, GCHQ. The NCSC provides guidance and support to organisations, including schools, to help them improve their cyber security and respond to cyber security incidents.
Schools should report any cyber security incident that may result in the loss, theft or compromise of sensitive data, such as student or staff personal information, financial information, or any other confidential data. Examples of incidents may include hacking, phishing, malware infections, or ransomware attacks.
Schools should report a cyber security incident as soon as possible, ideally within hours of the incident occurring. This allows for a quicker response to the incident and can help to minimise any damage caused.