
A Practical Guide for Schools Cyber Incident Response

Written on 24 January, 2023

…or How to Plan for the Proverbial Hitting the Cyber Fan!

With a noted increase in cyber incidents involving schools since Covid, it is imperative that schools know how they can prepare and protect themselves against a cyber attack.

Data has become big business in the world of crime, and with this there has been a rise in the number of cyber attacks. One of the most powerful tools that hackers use is social engineering, which relies on manipulating the end user into activating the attack themselves, commonly through phishing, although this is not the only method of infiltration. Educating your school staff to understand hackers’ tools and tactics can help bolster your school’s cyber defences.

In the last six months alone there have been several cyber incidents in schools reported in the media, where personal and special category data has been breached, leaving staff and pupils unable to access school systems. The most recent involved an Academy Trust where fourteen schools were affected.

In the event that school cyber defences are breached, it is vitally important to have contingency plans in place to maintain a minimum level of functionality – not only to safeguard pupils and staff, but to also restore the school back to an operational standard. This planning is known as a Cyber Incident Response Plan (CIRP) and should form part of an overall School Continuity Plan (Disaster Recovery Plan) as per the DfE Cyber Security Standards (Oct 2022).   

The key to a successful Cyber Incident Response Plan (CIRP) and improvement of the school’s cyber resilience is the ownership of it by the Governors and Senior Leadership team. This is outlined by the DfE Cyber Security Standards and the National Cyber Security Centre (NCSC). By enforcing the school’s cyber strategy from the top, a culture of cyber compliance is built.

A robust Cyber Incident Response Plan (CIRP) contains all the information that your school would need to respond to a cyber incident. This includes:  

  • A named Cyber Recovery Team including roles and responsibilities 
  • A list of critical data assets and how long the school could function without them
  • Plans for internal/external communications, including your cyber insurance provider 
  • How to access registers/staff and pupil contact details 
  • Actions log 

Understanding your school’s data and where and how it is stored is key to a successful CIRP. Time should be taken to review and risk assess your school information systems, IT infrastructure, and policies and procedures relating to these as part of an ongoing Cyber Resilience cycle. This enables informed decisions to be made and a formal digital strategy to be developed as part of ongoing school improvements. The DfE Digital and Technology Standards in Schools and Colleges should form a basis for this. 

If technology isn’t your bag, or the busy school environment consumes your time, contact us at Education Data Hub on [email protected] to find out how our Cyber Ready Project can help you. 

Becca De Ville, Service Manager for our Cyber Security for Education Team, will be speaking at the GDPRiS Conference in Bristol and London about cyber response planning for schools.