Earlier this year, the Department for Education (DfE) in the UK released an important update to their ‘Cyber security standards for schools and colleges’ guidance.

With the increasing reliance on technology in the education sector, the DfE recognised that information around how to protect IT systems needed to be more transparent and accessible to the senior leadership team in a school and college setting. Senior leaders could then work in partnership with their dedicated IT teams, instead of leaving them solely responsible despite their lesser influence over day-to-day use of school or college technology.

This change ensures that everyone has a greater understanding of cyber security best practice, strengthening the defence against cyber-attacks. Although the guidance essentially contains the same key information as before the update, it’s now more accessible to staff without in-depth IT expertise.

Why is cyber security awareness important for schools and colleges?

As a result of schools and colleges become increasingly reliant on technology and online content for the delivery of learning, they unfortunately raise the risk of targeted attacks by cyber criminals. With an abundance of sensitive data and financial information, a cyber-attack could be devastating – not just on the individual school or college, but on the many students and staff members that it supports.

An attack by cyber criminals could result in:

• A data breach that leads to serious safeguarding issues
• Direct impacts on students and their safety
• Lasting disruption potentially leading to school closure
• Financial damage and loss
• Vast reputational damage
• Legal complications arising from loss of data, finances and safeguarding issues

Even smaller-scale incidents have the potential to lead to big problems, so following the guidance and being aware of the best way to mitigate risks is really important for all staff members and IT teams working within your school or college setting.

What are the 7 key principles from the updated cyber security standards for schools and colleges?

Knowledge is power, and knowing how to keep your school and college systems safe from cyber criminals is a critical step in protecting your data, students and staff members.

Here are the 7 updated principles that both senior leaders and IT experts within a school or college setting need to be aware of.

1. Conduct a Cyber Risk Assessment Annually and Review Every Term
   Undertake regular risk assessments to understand how to keep students and staff safe, prepare your response to incidents, and identify current weaknesses that require new processes to be created.
2. Create and Implement a Cyber Awareness Plan for Students and Staff
   Train staff and students on how to use technology safely to serve as your first line of defence against cyber incidents. Fostering a culture of learning and support will also help them feel comfortable identifying and reporting any risks.
3. Secure Digital Technology and Data with Anti-malware and a Firewall
   Defend unauthorised access to devices and networks with the appropriate firewalls, anti-malware software, and security configurations. Keeping a hacker out of the system is crucial to ensure they can’t exploit any vulnerabilities.
4. Control and Secure User Accounts and Access Privileges
   Only allow students and staff access to the things they need and ensure they know the importance of keeping their passwords safe. Additional layers like multi-factor authentication security are also critical to protecting sensitive data.
5. License Digital Technology and Keep it Up to Date
   All devices and software must be licensed to ensure that you receive the latest security updates, upgrades and bug-fixes. Never download unauthorised or unlicensed software as they may contain malware or exploit system vulnerabilities.
6. Develop and Implement a Plan to Backup Your Data and Review This Every Year
   Multiple backups of important data – stored on different devices – ensure that in the case of natural disasters, criminal damage or cyber attacks, you don’t lose everything. At least one should be held in a different physical location (such as on the cloud) to minimise the risk if the original data is targeted.
7. Report Cyber Attacks
   Ensure that everyone, both students and staff, are aware of their responsibility to report a cyber incident to the senior leadership and IT teams to investigate. This way, the scale and impact of the attack can be assessed, and plans can be put in place to deal with the issue. If the attack is serious, it can then swiftly be escalated to the relevant external bodies.

How can you keep your school or college cyber-safe?

Being aware of the updated principles is just the first step in ensuring that a school or college IT system is protected against cyber-attacks.

Alongside following these standards, ensuring that you have the relevant expertise, knowledge and support to keep your systems and devices safe is essential to maintaining a strong defence against attacks.

Ultimately, fostering a culture of openness, awareness and on-going education will help to keep your school or college protected from cyber criminals. Adhering to the guidelines while ensuring that everyone is aware of the part they play in keeping your systems safe will provide the strongest defence against any unauthorised access and sensitive data breaches.

The DfE recommends that if you don’t have the relevant technical expertise in-house, getting advice from an external support provider is an important way to bridge the gap. Here at HBT Communications, we have over 35 years’ experience working in the education sector, with over 250 schools using our IT services daily. Our extensive expertise in cyber security measures means that we understand the challenges faced by both individual schools and larger multi academy trusts and can help implement the right solution for your establishment.

If you’re keen to find out more about improving your school or college IT security system, or if you’d like further information about how HBT Communications could help, please get in touch today.