Skip to main content

Meeting the New DfE Cyber Security Standards for Schools

Written on 11 October, 2022

The Department for Education have released their updated Cyber Security Standards for schools and colleges

Meeting the New DfE Cyber Security Standards for Schools 1

Having worked on cyber awareness projects with the DfE and the National Cyber Security Centre, The Cyber Team at Education Data Hub are ideally placed to support school leaders in meeting the updated cyber security standards.

Our ‘Cyber Ready Project’ was launched at the start of this academic year and has already successfully engaged with over 200 schools who have now started their cyber compliance journey.

Education Data Hub team members are all ex-school staff who understand the pressures of a school environment, and our support is mindful of the school day/calendar.

CONTACT US to find out how we can help your school meet these new requirements.  Education Data Hub work with Education Providers across the UK.

You can read the full new cyber standards HERE but we have summarised them below:

  • Protect all devices on every network with a properly configured boundary or software firewall
  • Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date
  • Accounts should only have the access they require to perform their role and should be authenticated to access data and services
  • You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication
  • You should use anti-malware software to protect all devices in the network, including cloud-based networks
  • An administrator should check the security of all applications downloaded onto a network
  • All online devices and software must be licensed for use and should be patched with the latest security updates
  • You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site
  • Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack
  • Serious cyber attacks should be reported
  • You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation
  • Train all staff with access to school IT networks in the basics of cyber security

To find out more about our Cyber Ready project please email [email protected]