As schools increasingly rely on technology to support teaching and learning, it is essential to prioritise cyber security to ensure the safety and privacy of pupils, staff and data.

In response to this need, the Department for Education (DfE) published their Cyber Security Standards that schools should meet to protect their networks from cyber threats. The standards cover a wide range of topics, including protecting devices and accounts, conducting backups, and reporting serious cyber attacks.

We can help your school exceed these standards and maintain a high level of cyber security.  We can provide tailored solutions to ensure that your school’s network is secure and that you are in compliance with the DfE’s Cyber Security Standards.

The standards are listed below:

a black and white photo of a clock tower

Protect all devices on every network with a properly configured boundary or software firewall

Protecting devices on your network is essential for maintaining your school’s cyber security. A firewall is a great way to secure your network by blocking unauthorised access and preventing the spread of malware.  We can help you set up and configure firewalls for all your devices to ensure maximum protection. We will ensure that the firewall is properly configured and we will provide continuous monitoring to keep your network secure.

a black and white photo of a clock tower

Network devices should be known and recorded with their security features enabled, correctly configured, and kept up-to-date

Knowing and recording all network devices is the first step in securing your school’s network.  We can help you create a complete inventory of all your network devices, including computers, printers, and servers. We can also help you enable the security features of all your devices, configure them correctly, and ensure that they are up-to-date with the latest software and security patches. With our help, you can keep your network secure and protected against potential threats.

a black and white photo of a clock tower

Accounts should only have the access they require to perform their role and should be authenticated to access data and services

Controlling access to data and services is crucial to maintaining cyber security in your school. We can help you set up user accounts and ensure that users have only the necessary access to perform their duties. With our help, you can protect your data and services from unauthorised access and maintain a high level of security in your school.

an image of a laptop with a mobile phone showing multifactor authentication

You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication

Protecting your data is essential to maintaining your school’s cyber security. We can help you protect your accounts with access to personal or sensitive operational data and functions by providing multi-factor authentication.  This can be via security tokens, authenticator apps or conditional access.

a black and white photo of a clock tower

You should use anti-malware software to protect all devices in the network, including cloud-based networks

We can provide anti-malware software to protect all devices in your network, including cloud-based networks. With our help, you can protect your data from potential threats and ensure that your network is secure.

a magnifying glass over a computer screen

An administrator should check the security of all applications downloaded onto a network

Checking the security of all applications downloaded onto your network is crucial to maintaining your school’s cyber security.   We can help you check the security of all applications that are downloaded onto your network. We will conduct a thorough review of each application to ensure that it meets the security standards. With our help, you can maintain a secure network and protect your data from potential threats.

a black and white photo of a clock tower

All online devices and software must be licensed for use and should be patched with the latest security updates

Maintaining the security of your online devices and software is essential to maintaining your school’s cyber security.  We can help you ensure that all online devices and software are licensed for use and are patched with the latest security updates. With our help, you can maintain a secure network and protect your data from potential threats.

a black and white photo of a clock tower

You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site

Backing up your important data is essential to maintaining your school’s cyber security. We can help you create at least three backup copies of your important data, on at least two separate devices, with at least one copy off-site. With our help, you can ensure that the data on your server or in the cloud is protected from potential threats and natural disasters.

a black and white photo of a clock tower

Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack.

Having a business continuity and disaster recovery plan in place is essential to maintaining your school’s cyber security. We can help you create a plan that includes a regularly tested contingency plan in response to a cyber attack.  We  will work with you to identify potential threats and create a plan that outlines the steps you need to take to ensure business continuity in the event of a cyber attack. We will also help you regularly test your plan to ensure that it is effective and up-to-date.

a black and white photo of a clock tower

Serious cyber attacks should be reported

We can help you report any serious cyber attacks to Action Fraud, the police and the ICO and work with you to minimize the impact of the attack.  We will provide you with the guidance you need to ensure that you comply with any legal or regulatory requirements related to reporting cyber attacks.

Data protection icon showing a database and a padlock

You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation

Conducting a Data Protection Impact Assessment (DPIA) is required by law to maintain compliance with the General Data Protection Regulation (GDPR).  We can work with your Data Protection Officer to identify potential risks and create a plan to mitigate those risks. We will also help you maintain compliance with GDPR regulations and ensure that your school’s data is protected.

a black and white photo of a clock tower

Train all staff with access to school IT networks in the basics of cyber security

Training your staff in the basics of cyber security is essential to maintaining a secure network in your school.  At our cyber security firm, we can provide cyber security training to all staff members who have access to your school’s IT networks.  This includes how to recognize potential threats and phishing scams and how to protect against them. With our help, you can ensure that all staff members are equipped with the knowledge they need to maintain a secure network and protect your school’s data.

Cyber security is an essential aspect of maintaining a safe and secure school environment.  Following the DfE’s Cyber Security Standards is crucial to protecting your school’s network from cyber threats. We can help you exceed these standards by providing tailored solutions to protect your devices, accounts and data.  We can also help you create backups, develop a business continuity and disaster recovery plan, and train your staff in the basics of cyber security. With our help, you can ensure that your school is protected from potential threats and that your students, staff, and data are safe and secure.

Contact us today for more information.

Cyber security training for school staff

Print your certificate of achievement

Congratulations on watching the video.  Please enter your name below and press submit to create a certificate to show you have completed this requirement.

PDF Form Example

Frequently Asked Questions:

The first point of contact should be the school’s designated Data Protection Officer (DPO), if they have one. If the school does not have a DPO, they should contact their local Regional Cyber Crime Unit (RCCU) or the National Cyber Security Centre (NCSC).

Regional Cyber Crime Units (RCCUs) are a network of police units that work together to combat cyber crime in the UK. They provide advice and guidance to businesses and individuals who have been the victim of a cyber crime, including schools.

The Regional Cyber Crime Unit (RCCU) for the East Midlands is part of the East Midlands Special Operations Unit (EMSOU). The RCCU works to combat cyber crime in the region by providing advice, guidance and support to individuals and businesses, including schools, that have been the victim of a cyber crime.

To contact the RCCU for the East Midlands, schools can call the non-emergency police number 101 and ask to be put through to the RCCU. Alternatively, they can visit the EMSOU website and click on the “Report a Cyber Crime” button to fill in an online form.

It’s worth noting that if the school believes the incident is an emergency, they should call 999 immediately. If the school has a designated Data Protection Officer (DPO), they should also be informed of the incident as soon as possible. The DPO can then liaise with the RCCU on behalf of the school, if necessary.

The National Cyber Security Centre (NCSC) is part of the UK government’s intelligence and security organisation, GCHQ. The NCSC provides guidance and support to organisations, including schools, to help them improve their cyber security and respond to cyber security incidents.

Schools should report any cyber security incident that may result in the loss, theft or compromise of sensitive data, such as student or staff personal information, financial information, or any other confidential data. Examples of incidents may include hacking, phishing, malware infections, or ransomware attacks.

Schools should report a cyber security incident as soon as possible, ideally within hours of the incident occurring. This allows for a quicker response to the incident and can help to minimise any damage caused.