Meeting the New DfE Cyber Security Standards for Schools

Written on 11 October, 2022

The Department for Education have released their updated Cyber Security Standards for schools and colleges

Having worked on cyber awareness projects with the DfE and the National Cyber Security Centre, The Cyber Team at Education Data Hub are ideally placed to support school leaders in meeting the updated cyber security standards.

Our ‘Cyber Ready Project’ was launched at the start of this academic year and has already successfully engaged with over 200 schools who have now started their cyber compliance journey.

Education Data Hub team members are all ex-school staff who understand the pressures of a school environment, and our support is mindful of the school day/calendar.

CONTACT US to find out how we can help your school meet these new requirements. Education Data Hub work with Education Providers across the UK.

You can read the full new cyber standards HERE but we have summarised them below:

Protect all devices on every network with a properly configured boundary or software firewall
Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date
Accounts should only have the access they require to perform their role and should be authenticated to access data and services
You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication
You should use anti-malware software to protect all devices in the network, including cloud-based networks
An administrator should check the security of all applications downloaded onto a network
All online devices and software must be licensed for use and should be patched with the latest security updates
You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site
Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack
Serious cyber attacks should be reported
You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation
Train all staff with access to school IT networks in the basics of cyber security

To find out more about our Cyber Ready project please email [email protected]

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Meeting the New DfE Cyber Security Standards for Schools

The Department for Education have released their updated Cyber Security Standards for schools and colleges

Protect all devices on every network with a properly configured boundary or software firewall

Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date

Accounts should only have the access they require to perform their role and should be authenticated to access data and services

You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication

You should use anti-malware software to protect all devices in the network, including cloud-based networks

An administrator should check the security of all applications downloaded onto a network

All online devices and software must be licensed for use and should be patched with the latest security updates

You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site

Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack

Serious cyber attacks should be reported

You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation

Train all staff with access to school IT networks in the basics of cyber security