What the DfE Cyber Standards mean for you
The DfE Cyber Standards for Schools aim to guide schools in meeting a minimum standard for cyber security, user accounts and data protection, and can support settings in implementing safer practices for all staff and students.
Having worked on school cyber resilience and awareness projects with the DfE and the National Cyber Security Centre, The Cyber Team at Education Data Hub are ideally placed to support school leaders in meeting the DfE Cyber Security Standards for Schools, which were updated on 10th October 2022.
These new cyber standards should be met by schools as soon as possible. But what are schools being asked to do and why is it important to meet these standards? Read our straightforward guide:-
- Protect all devices on every network with a properly configured boundary or software firewall. Properly configured firewalls prevent many cyber attacks.
- Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date.
Using the security features that devices already have is the most basic form of cyber security
- Accounts should only have the access they require to perform their role and should be authenticated to access data and services.
Successful cyber attacks target user accounts with the widest access and highest privileges on a network.
- You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication.
Multi-factor authentication is especially important if an account has access to sensitive or personal data.
- You should use anti-malware software to protect all devices in the network, including cloud-based networks.
Up-to-date anti-malware and anti-virus software reduces the risk from many forms of cyber attack.
- An administrator should check the security of all applications downloaded onto a network.
Applications can insert malware onto a network or have unintentional security weaknesses.
- All online devices and software must be licensed for use and should be patched with the latest security updates.
Hackers try to identify and exploit the vulnerability that each new security update addresses.
- You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site.
If all copies were held in the same location, they would all be at risk from natural disasters and criminal damage.
- Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack.
Being unprepared for a cyber attack can lead to poor decisions, slow recovery, and expensive mistakes.
- Serious cyber attacks should be reported.
Cyber attacks are crimes against a school that need to be investigated so perpetrators can be found and counter-measures identified.
- You must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation.
The protection of sensitive and personal data is vital to the safety of staff and students, and the reputation and confidence placed in schools.
- Train all staff with access to school IT networks in the basics of cyber security.
The most common forms of cyber attack rely on mistakes by busy staff members to be successful.
Our ‘Cyber Ready Project’ was launched at the start of this academic year and has already successfully engaged with over 130 schools who have now started their cyber compliance journey.
CONTACT US to find out more about our Cyber Ready Project and how we can help your school meet these new cyber requirements.
Education Data Hub work with Education Providers across the UK. Our team members are all former school staff who understand the pressures of a school environment, meaning our support is mindful of the school day/calendar.