Cyber Resilience
What is Cyber Resilience?
In simple terms, cyber resilience is a measure of how well an organisation can manage a cyber attack or breach while continuing to operate effectively.
Achieving cyber resilience means that, as a minimum, your setting will be able to deliver core education activities in the face of a range of cyber incident types and to continue to carry out school business effectively, securely, and with prompt recovery.
Cyber resilience involves identifying core school activities, preparing for cyber incidents, responding promptly and effectively when incidents occur and safeguarding your school community.
Cyber Essentials can help you reduce the likelihood of cyber attacks and provide free cyber liability insurance. Data security and cyber security are integral parts of cyber resilience, but resilience is an ongoing journey.
The Education Data Hub team offer a range of services to support you on your journey to cyber resilience.
Data Security
Data Security is the protection of data from accidental or deliberate, unauthorised change, destruction or disclosure.
Data security can cover hard copies, such as files in filing cabinets, and disclosure of information through images and unique identifiers, such as your IP address.
Data security also covers secure data transmissions.
Cyber Security
Cyber Security is the protection of computers, electronic communications, systems, networks and the data those devices and systems contain.
Cyber security aims to protect information integrity, accuracy, and confidentiality, whilst ensuring that systems are always available.
Cyber Resilience
Cyber Resilience is the protection of data and systems to ensure reliable, consistent and secure access to systems and data.
Resilience also encompasses the need for organisations to:
- risk assess systems
- mitigate potential risks
- respond to incidents
- recover from attack or disaster promptly
The aim is to preserve data and system integrity and the confidentiality of personal and organisational data.
Cyber Security
Cyber security is the protection of devices, systems and networks by implementing measures focused on preventing theft, damage, information disclosure or corruption.
Cyber security centres on keeping unauthorised persons out. Security can involve one layer or many layers. A ‘layered’ approach is more secure, but nothing is 100% effective.
Implementing Cyber Essentials basic controls will prevent the majority of unsophisticated attacks, but prevention is never guaranteed.
Cyber security measures alone are not enough to protect and prepare settings from the escalating number and severity of attacks.
| Example Threat | Example Security Methods |
| --- | --- |
| Unauthorised access | Unique usernames and passwords / encryption / software keys / policy |
| Theft | Site security barriers / locks / secure storage / CCTV |
| Data corruption | Anti-virus / malware protection / firewalls |
| Data disclosure | Identity verification / role specific access / digital signatures |
Cyber security forms part of cyber resilience.
Cyber Resilience
Cyber resilience enables your setting to continuously deliver education and to carry out school business effectively, securely and with prompt recovery in the event of an incident.
Cyber resilience involves preparing and responding promptly and effectively when incidents occur and adapting to ensure business continuity and enable recovery.
Cyber Essentials can help you reduce the likelihood of cyber-attacks and provide free cyber liability insurance. Cyber security is an integral part of cyber resilience, but resilience is an ongoing journey.
Key factors which affect Cyber Resilience:
Compliance: Failure to use adequate technical and organisational controls to protect sensitive data can lead to breaches of the Data Protection Act 2018 and UK GDPR.
Culture: The belief that cyber security is an IT issue and not relevant to educational settings, together with a sense that cyber incidents are unlikely, can lead to poor cyber hygiene.
Cost: A lack of investment in data security can lead to escalating recovery costs, reputational damage and fines relating to breaches.
Change: Failure to plan appropriately and assess new systems prior to implementation increases the risk of vulnerabilities and breaches.
Continuity: Failure to plan for an incident and test the plan leads to difficulties in recovery and extended recovery timescales.
Cover: Settings without insurance cover could be left without financial support to respond to and recover from incidents.
Cyber Resilience Resources
These resources were produced in collaboration with the National Cyber Security Centre as part of a project to raise cyber security standards in educational settings across the UK.
The project concluded in March 2022.
- Data and IT Destruction and Disposals
- Staff Social Media Guidance
- Transfer of Ownership Form
- Pupil Device Loan Agreement
- Email Use and Security Advice
- Staff Device Loan Agreement
- Acceptable Use Agreement – Visitor Template
- Acceptable Use Agreement – Staff Template
- Acceptable Use Poster (Pupils)
- Acceptable Use Agreement – Pupil Template
- Policies and Procedures – What they should contain
- New Staff IT Template
- Administrators Log
- Privileged Account Protocol and Acceptable Use Agreement
- Software and Hardware Inventory Template
- Staff Engagement and Training – NCSC Link
- Policies and Procedures Checklist
- Practical Tips for Schools – NCSC Link
- Password Advice
- Quick Security Fixes – East Midlands Special Operations Unit
- User Access Management
- Protecting Mobile Devices
- Patch Management
- Managing Loaned and Donated Devices
- IT Security Self-Assessment
- Encryption Basics
- External Suppliers and Security
- Anti-Virus Advice
- Phishing Advice
- Cyber Essentials Overview
- Filtering and Legal Obligations
- Cyber Essentials Help
- Cyber Essentials Certification – NCSC Link
- Antivirus and Malware – NCSC Link
- Password Guidance – NCSC Link
- 10 Steps to Cyber Security – NCSC Link
- Digital Strategy Template
- Remote or off site working guidance
- Reviewing an IT Service Level Agreement
- IT Provider Checklist
- Cyber Risk and Assessment
- IT Provider DPIA
- Assessing IT Provision
- Understanding Cyber Resilience
- A Guide to the Cloud
- Backup Essentials
- Board Toolkit – NCSC Link
- Planning Exercise in a Box – NCSC Link
- Backup Scheduling – NCSC Link
- Cyber Insurance Guidance
- User Account Compromise
- Restoration Testing
- Restoration Strategies
- Working with the NCSC during a cyber security incident
- Using Specialist Recovery Services
- Incident Reporting and Contact Template
- Cleaning Infected Machines
- Disaster Recovery Procedure and Plan
- Post Incident Evaluation Template
- Action Log and Referral Record
- Incident Management Guidance
Any questions?
The Education Data Hub team would love to hear from you.
Get in touch with your questions, for a quote, or just for a chat about Cyber Resilience!