DfE Update: Meeting digital and technology standards
By Luke Rogers
2024-06-06
Cyber incidents can be a real headache for schools and colleges, causing chaos and costing a lot of money. These attacks, whether from inside or outside, aim to mess with or steal data. They can lead to safeguarding issues if sensitive data is compromised, negatively impact student outcomes, cause major data breaches, and even force the institution to close its doors temporarily. The financial losses and damage to the school's reputation can be significant and long-lasting.
To help mitigate these risks, schools and colleges should adhere to specific cyber security standards. Here's a simplified guide to get you started:
Key Standards
Annual Cyber Risk Assessment
Make it a point to conduct a cyber risk assessment every year and review it each term. This is crucial for understanding your current cyber security stance and planning for improvements. It also ensures your business continuity and disaster recovery plans are up-to-date and effective.
Cyber Awareness Plan
Cyber security isn't just the IT department's job; it's everyone's responsibility. Implement a cyber awareness plan for both students and staff. Regular training and an acceptable use policy will help everyone understand the risks and how to act as the first line of defence against cyber incidents.
Secure Digital Technology and Data
Ensure all your digital technology and data are protected with robust anti-malware software and properly configured firewalls. Every device and network should be recorded, configured correctly, and updated regularly. Don't forget to check the security of all applications downloaded onto the network.
Control User Accounts and Access
It's vital to manage user accounts and access privileges carefully. Each account should have access only to what is necessary for their role. Implement multi-factor authentication and strong password policies to safeguard sensitive data.
Licensed and Updated Technology
Make sure all your software and devices are properly licensed and always up-to-date with the latest security patches. This simple step can prevent many potential security breaches.
Data Backup Plan
Develop a comprehensive data backup strategy and review it annually. Keep multiple backup copies on different devices, with at least one stored offsite. This ensures you can recover your data even in the worst-case scenario.
Report Cyber Attacks
Have a clear process for reporting serious cyber attacks, both within your school or college and to external bodies. Prompt reporting can help mitigate damage and prevent future incidents.
The updated cyber security standards now make it clear that cyber security is a shared responsibility. It's not something the IT team can handle alone; senior leadership and other staff members need to be involved too. The new format is designed to be more accessible, even for those without a cyber security background.
Differences from Cyber Essentials
So, what's the deal with these standards versus Cyber Essentials? Well, these standards are specifically designed for the education sector to build cyber resilience. They cover the core principles of cyber governance, processes, and strategy. On the other hand, Cyber Essentials is a government-backed certification that provides technical assurance to organisations across all sectors, not just education.
While Cyber Essentials certification isn't mandatory, it might be a good idea for your school or college. It can provide an extra layer of assurance about your cyber security measures. However, it's ultimately up to the senior leadership team to decide if pursuing this certification is right for your institution now or in the future.
If you need help navigating these standards or implementing any of the recommended measures, we offer consultancy and support services. There is a lot of crossover with Cyber Essentials (which we know a bit about) Just get in touch.
If you want this straight from the horses mouth, and in a bit more of a boring government format, check out this link: Updates - Meeting digital and technology standards in schools and colleges - Guidance - GOV.UK (www.gov.uk)
