{"id":3841,"date":"2023-01-24T12:31:37","date_gmt":"2023-01-24T12:31:37","guid":{"rendered":"https:\/\/educationdatahub.org.uk\/?p=3841"},"modified":"2023-01-25T09:07:08","modified_gmt":"2023-01-25T09:07:08","slug":"a-practical-guide-for-schools-cyber-incident-response","status":"publish","type":"post","link":"https:\/\/educationdatahub.org.uk\/news\/a-practical-guide-for-schools-cyber-incident-response\/","title":{"rendered":"A Practical Guide for Schools Cyber Incident Response"},"content":{"rendered":"
With a noted increase in cyber incidents involving schools since Covid, it is Data has become big business in the world of crime, and with this there has been a rise in the number of cyber attacks. One of the most powerful tools that hackers use is Social Engineering, which relies on manipulation of the end user into first activating the cyber attack, commonly through phishing, although this is not the only method of infiltration. Educating your school staff on understanding hackers’ tools and tactics can help bolster your schools cyber defences.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n In the last six months alone there have been several cyber incidents in schools reported in the media, where personal and special category data has been breached, leaving staff and pupils unable to access school systems. Most recently was an Academy Trust where fourteen <\/span>schools<\/span> were affected.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n In the event that school cyber defences are breached, it is vitally important to have contingency plans in place\u00a0to maintain a minimum level of functionality \u2013 not only to safeguard pupils and staff, but to also restore the<\/span> school back to an operational standard<\/span>.\u00a0This planning is known as a <\/span>Cyber Incident Response Plan (CIRP)<\/span> and should form part of an overall School Continuity Plan (<\/span>Disaster Recovery Plan) as per the <\/span>DfE Cyber Security Standards<\/a><\/strong> (Oct 2022). <\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n The\u00a0key to a successful Cyber Incident Response Plan (CIRP)<\/span> and improvement of the schools cyber resilience i<\/span>s the ownership of it by the Governors and Senior Leadership team. This is outlined by the <\/span>DfE Cyber Security Standards<\/a><\/strong> and <\/span>National Cyber Security Centre (NCSC)<\/a><\/strong> By enforcing the school’s cyber strategy,\u00a0from the top, a culture of cyber compliance is built.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n A robust <\/span>Cyber Incident Response Plan (CIRP)<\/strong><\/span><\/a> contains all the information that your school would need to respond to a cyber incident. This includes:<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n Understanding your school’s data and where and how it is stored is key to a successful CIRP. Time should be taken to review and risk assess your school information systems, IT infrastructure, and policies and procedures relating to these\u00a0as part of an ongoing Cyber Resilience cycle. This enables informed decisions to be made and a formal digital strategy to be developed as part of ongoing school improvements. The <\/span>DfE Digital and Technology Standards in Schools and Colleges<\/a><\/strong> should form a basis for this.<\/span>\u00a0<\/span><\/p>\n If technology isn\u2019t your bag, or the busy school environment consumes your time, contact us at Education Data Hub on cybersupport@derbyshire.gov.uk<\/a><\/strong> to find out how our Cyber Ready Project<\/a><\/strong> can help you.<\/span>\u00a0<\/span><\/p>\n Becca De Ville, Service Manager for our Cyber Security for Education Team, will be speaking at the GDPRiS Conference in Bristol<\/a><\/strong> and London<\/a><\/strong> about cyber response planning for schools.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" …or How to Plan for the Proverbial Hitting the Cyber Fan! With a noted increase in cyber incidents involving schools since Covid, it is imperative that schools know how they can prepare and protect themselves against a cyber attack. \u00a0 Data has become big business in the world of crime, and with this there has […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/posts\/3841"}],"collection":[{"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/comments?post=3841"}],"version-history":[{"count":5,"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/posts\/3841\/revisions"}],"predecessor-version":[{"id":3861,"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/posts\/3841\/revisions\/3861"}],"wp:attachment":[{"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/media?parent=3841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/categories?post=3841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/educationdatahub.org.uk\/wp-json\/wp\/v2\/tags?post=3841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/span> imperative that schools know how they can prepare and protect themselves against a cyber attack. <\/span>\u00a0<\/span><\/p>\n\n