Data Security is the protection of data from accidental or deliberate, unauthorised change, destruction or disclosure.
Data security can cover hardcopies, such as files in filing cabinets and disclosure of information through images and unique identifiers, such as your IP address.
Data security also covers secure data transmissions.
Cyber Security is the protection of computers, electronic communications, systems, networks and the data those devices and systems contain.
Cyber security aims to protect information integrity, accuracy, and confidentiality, whilst ensuring that systems are always available.
Cyber Resilience is the protection of data and systems to ensure reliable, consistent and secure access to systems and data.
Resilience also encompases the need for organisations to:
The aim is to preserve data and system integrity and the confidentiality or personal and organisational data.
Cyber security is the protection of devices, systems and networks by implementing measures focused on preventing theft, damage, information disclosure or corruption.
Cyber security centres on keeping unauthorised persons out. Security can involve one layer or many layers. A ‘layered’ approach is more secure, but nothing is 100% effective.
Implementing Cyber Essentials basic controls will prevent the majority of unsophisticated attacks, but prevention is never guaranteed.
Cyber security measures alone are not enough to protect and prepare settings from the escalating number and severity of attacks.
Example Security Methods
Unique usernames and passwords / encryption / software keys / policy
Site security barriers / locks / secure storage / CCTV
Anti-virus / malware protection / firewalls
Identity verification / role specific access / digital signatures
Cyber security forms part of cyber resilience.
Cyber resilience enables your setting to continuously deliver education and to carry out school business effectively, securely and with prompt recovery in the event of an incident.
Cyber resilience involves preparing and responding promptly and effectively when incidents occur and adapting to ensure business continuity and enable recovery.
Cyber Essentials can help you reduce the likelihood of cyber-attacks and provide free cyber liability insurance. Cyber security is an integral part of cyber resilience, but resilience is an ongoing journey.
Key factors which affect Cyber Resilience:
Compliance: Failure to use adequate technical and organisational controls to protect sensitive data can lead to breaches of the data protection act 2018 and UK GDPR.
Culture: The belief that cyber security is an IT issue, not relevant to educational settings and a sense that cyber incidents are unlikely can lead to poor cyber hygiene.
Cost: A lack of investment in data security can lead to escalating recovery costs, reputational damage and fines relating to breaches.
Change: Failure to plan appropriately and assess new systems prior to implementation increases the risk of vulnerabilities and breaches.
Continuity: Failure to plan for an incident and test the plan leads to difficulties in recovery and extended recovery timescales.
Cover: Settings without insurance cover could be left without financial support to respond and recover from incidents.
Education Data Hub is proud to be working with the National Cyber Security Centre on a Cyber Resilience initiative aimed at improving Cyber Resilience across the Education Sector.
This first of its kind project will create a bank of knowledge and tailored resources, freely available to all, that will help enable and embed Cyber Resilience in settings from nurseries and primaries schools, through to secondaries and FE colleges.
The section below details the free resources that are currently available or which we aim to provide this year.
If there is a resource you would like to see here, or if you already have something you think others would benefit from, we would love to hear from you.