Month: March 2023

The DfE Cyber Standards for Schools aim to guide schools in meeting a minimum standard for cyber security, user accounts and data protection, and can support settings in implementing safer practices for all staff and students.

Having worked on school cyber resilience and awareness projects with the DfE and the National Cyber Security Centre, The Cyber Team at Education Data Hub are ideally placed to support school leaders in meeting the DfE Cyber Security Standards for Schools, which were updated on 10^th October 2022.

These new cyber standards should be met by schools as soon as possible.  But what are schools being asked to do and why is it important to meet these standards?  Read our straightforward guide:-

1. Protect all devices on every network with a properly configured boundary or software firewall. Properly configured firewalls prevent many cyber attacks.
2. Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date.
   Using the security features that devices already have is the most basic form of cyber security
3. Accounts should only have the access they require to perform their role and should be authenticated to access data and services.
   Successful cyber attacks target user accounts with the widest access and highest privileges on a network.
4. You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication.
   Multi-factor authentication is especially important if an account has access to sensitive or personal data.
5. You should use anti-malware software to protect all devices in the network, including cloud-based networks.
   Up-to-date anti-malware and anti-virus software reduces the risk from many forms of cyber attack.
6. An administrator should check the security of all applications downloaded onto a network.
   Applications can insert malware onto a network or have unintentional security weaknesses.
7. All online devices and software must be licensed for use and should be patched with the latest security updates.
   Hackers try to identify and exploit the vulnerability that each new security update addresses.
8. You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site.
   If all copies were held in the same location, they would all be at risk from natural disasters and criminal damage.
9. Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack.
   Being unprepared for a cyber attack can lead to poor decisions, slow recovery, and expensive mistakes.
10. Serious cyber attacks should be reported.
    Cyber attacks are crimes against a school that need to be investigated so perpetrators can be found and counter-measures identified.
11. You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation.
    The protection of sensitive and personal data is vital to the safety of staff and students, and the reputation and confidence placed in schools.
12. Train all staff with access to school IT networks in the basics of cyber security.
    The most common forms of cyber attack rely on mistakes by busy staff members to be successful.

Our ‘Cyber Ready Project’ was launched at the start of this academic year and has already successfully engaged with over 130 schools who have now started their cyber compliance journey.
CONTACT US to find out more about our Cyber Ready Project and how we can help your school meet these new cyber requirements.

Education Data Hub work with Education Providers across the UK.  Our team members are all former school staff who understand the pressures of a school environment, meaning our support is mindful of the school day/calendar.

Follow us on Linked In

Online Safety is not just a computing or IT issue in schools… it links directly with safeguarding, and schools need a range of robust safeguarding policies in place to demonstrate this.

On the 1st September 2022, new content was added to the Keeping Children Safe in Education statutory guidance with the new section covering online safety, remote learning, information security, cyber-crime, and reviewing online safety provision.   The word safeguarding now appears 402 times in the KCSIE, and the word online appears 156 times.

In this digital age, children are users of tech and the internet from a very young age, and I think it’s safe to say that these young generations are the most digitally savvy we have ever had.

We all need to understand just how accessible and engaging the internet is to our young people today.  We have to get into their mindset.  It’s easy as adults to just accept that our children might ‘always be on their phone’, or ‘always looking at a screen’, without us thinking about why?   Why aren’t they out meeting friends and playing like we did when we were their age?  Well, for a start, we probably didn’t have the internet as an alternative!

Persuasive design uses insights from psychology to make products more engaging, and is used extensively in games and social media apps to make sure that users spend as much time as possible on those sites.    Once we understand that psychological tactics such as infinite scrolling, auto-play, or ellipses are utilised to keep people engaged, it easier to understand how our children might get lost in it.

So, what do your children, your pupils, love doing online?  What services and devices do they use?   Do children use the internet in a different way to adults?  Who do they chat to?  What do they see?  What do they share?   The online world can be exciting and inspiring.  Young people can create their own content, play games or watch videos, however, it is important to manage and minimise the associated risks, which can happen anywhere, to anyone, at any time.

Online Safety and Safeguarding don’t have to be topics for Computing or PSHE or RSE.  All staff can play a crucial role in preventative education and find a way to embed messages across the curriculum.  Create a safe space and let pupils know that you will not be angry or upset, but would like to support them in using the internet safely and responsibly.  Use neutral language and avoid being critical of pupils’ online behaviour.  Focus on key risks and the support available, not young peoples’ choices.

For pointers on how to start a conversation, Internet Matters have created a helpful guide to assist in creating an environment to make it easy to talk.

Embedding Online Safety across the curriculum is best achieved through a whole-school approach, with effective policies and reporting routes. As well as supporting young people to stay safe online, school staff also need to protect their own online reputation.

Our Online Safety training webinar has been produced to help school leaders fulfil statutory requirements and has been created with the updated KCSIE and Ofsted in mind.  Please get in touch at [email protected] to enquire about our whole-school staff Online Safety training.

Education Data Hub work with Education Providers across the UK.  Our team members are all former school staff who understand the pressures of a school environment, meaning our support is mindful of the school day/calendar.

Follow us on Linked In

How can growing MATs develop a high-profile culture of privacy, efficiency and trust? 

The School’s Bill may be gone, but the government has indicated that it is wedded to its principles. And although that means we no longer have academisation as a statutory target, the juggernaut is unlikely to be halted in its tracks. 

However, the DfE itself has called existing academy rules “complex,” “inconsistent” and “ineffective”; coupled with revolt sparked last year by the widening of the handbook beyond finances – Multi Academy Trusts are in a no man’s land when it comes to this area of compliance.  The bottom line is, there is no constitutional framework that addresses privacy and data protection.  Therefore, as any good teacher will tell you, if you leave a void where behaviour expectations should be – the behaviour that fills that void is unlikely to be the behaviour that you hoped for. 

So how do MATs develop and prioritise that high profile culture of privacy, efficiency and trust, beyond mere compliance without a framework?   The answer is obviously – work with us at Education Data Hub!   We are very much aware that ‘one size’ fits no-one, so we work with Trusts in an entirely bespoke way. 

There are many reasons this matters from a regulatory perspective, audit, reputation, publicity etc; but we think the most important reasons are respect, trust, transparency, well-being, time, and pride. 

Understanding and documenting where all the elements of compliance sit; from HR to Safeguarding, from records management to IT acceptable use, from CCTV to DPIAs, from curriculum to business management, from recruitment to parent communications, from policies to privacy notices, from ROPAs to cyber security; we work with Trusts to understand and reflect on their own position so an effective gap analysis can be devised to assess new schools coming on board. 

This proactive work makes your reactive work with us so much easier. If the basics above are in place, responding to data breaches, cyber incidents, SARs and FOIs becomes much more straight forward and less draining. All of our staff have a background in education so we know first-hand and inside out the pressures faced by your staff and the impact they can have – be assured you will always get not only an expert but also an empathic and supportive hand to hold.   Please contact us at [email protected] to find out how we can help you.

Further reading: although based on US research and commercial enterprises, this study shows the impact and return on investment a good privacy programme will have: From Privacy to Trust and ROI – Cisco Blogs

Education Data Hub work with Education Providers across the UK.  Our team members are all former school staff who understand the pressures of a school environment, meaning our support is mindful of the school day/calendar.

Follow us on Linked In