Cyber Security

We have made huge advances in technology across all aspects of our lives, including our working and educational environments. This is only set to accelerate we move to a world where everything is ‘connected’. With these advances, has come opportunities for criminals to take advantage of vulnerabilities that have developed through our ‘connected world’.

For schools, colleges and universities, the threat is increasing year on year and ransomware is the weapon of choice (NCSC June 2021 report). The aftereffects of such an incident can be far reaching; weeks without any school data, time spent recovering data, data breaches and reputational damage.

Schools need to be aware that they are targets and put in measures to best protect themselves. That includes a holistic approach – looking at technology, policies, incident plans and training. People are your biggest asset to preventing an incident, but they need contextual training and the courage to talk and report. This requires a positive and open culture that needs to be fostered from those leading the school or Trust.

It is important to note that you do not need to be ‘technical’ to take part in developing the cyber strategy for a school. Like most things, it requires a through approach where you can pull in those with expert skills to help you. This needs to be led by school governors and senior leaders in conjunction with technical teams, business managers, staff and pupils.

 

Key organisations

The National Cyber Security Centre (NCSC)

“We support the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, we provide effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future”.

 

 

NCSC produce and share a wealth of resources that can be found on their website They have a specific section for education which is an ideal place to start if you are new to cyber security.

 

South East Cyber Resilience Centre

 

We would encourage all schools to sign up for the SE CRC core membership which is FREE. Click here to sign up.

This membership gives you an opportunity to talk to someone from the centre about your current level of understanding of cyber security, a monthly newsletter and help with the NCSC resources: Exercise in a Box, the Board Toolkit (aimed at Governors) and their guidance documents.

 

The SE CRC can also provide support and training in areas such as remote vulnerability assessment, internal vulnerability assessment and policy and process review. You can see all the services they offer here. For members, these services are offered at a reduced cost.

 

 

Regional Organised Crime Units

The Regional Organised Crime Units cover different regions of the country and each one has a cyber-crime team who are there to support business and schools with advice and resources around Cyber Protect and Cyber Choices (more details below)

Our region is covered by two units, the South East ROCU and the Eastern ROCU

 

School specific support

Secure Schools      

Secure Schools supports schools and trusts with cyber security. They only work in education, and everything they do is school-specific!

Their software includes staff training, a phishing simulator, a policy builder and a self-assessed cyber security audit module and can be managed at single school or trust level.

Their services include cyber security audits, network testing and Cyber Essentials certification. Services are priced to be accessible to schools, and they build products and services tailored to your needs.

Find out more at the following link:

Schools ICT | Get Started with Secure Schools

Actions for school leadership

 The South East Regional Organised Crime Unit runs a very useful school leadership session on cyber security and this page provides a checklist with very useful links covering all the aspects that school leaders need to think about.

https://serocu.police.uk/schools/

 

Cyber Incident Response Plans

It is important that schools know what to do when they experience a cyber security incident. We have to move to the mind set of ‘not if but when’. Incident response plans require time and effort to make sure that they will work, and that key people know what they should be doing. Like all important response plans, it is critical that you test it before you need to use it.

Here are some templates that you can use:

 

Staff Training Resources

Fortinet – Free Cyberattack and risk mitigation training is available from Fortinet, for SEGfL member schools. The details from the training teachers can access and incorporate into lessons for both primary and secondary schools. The training is education focused and provides staff with the latest knowledge, guidance and tips to deal with potential cyberattacks or other risk mitigations.

The content is provided by MLL’s security partner, Fortinet. Each module is delivered in bite-sized chunks (typically 8 minutes) covering topics including:

  • Information security awareness
  • Social engineering
  • Phishing attacks
  • Email security
  • Password protection
  • Malware and Ransomware

The courses align to the National Institute of Standards and Technology framework and on completion of the course the educator will receive a certificate.

Please contact [email protected] for more information

 

The NCSC has produced free cyber security training to raise awareness and help school staff manage some of the key cyber threats facing schools. The training packs come in two formats:

  • A scripted presentation
  • A self-learn video

These resources have been well received by those schools who have used them, and we encourage you to use them with all your staff.

This short guide was specifically written for schools by NCSC and the NEN to provide staff with a practical guide to cyber security. Click the image to get the guide.

 

SEGfL can provide cyber security training for school staff if they wish it. Please contact us via [email protected] or alternatively you can contact your Regional Organised Crime Unit and ask for the Cyber Protect team.

 

Cyber Security and safeguarding Pupils

Do you have children who are exhibiting risky behaviours with technology or have already played around on the school network, trying to cause damage? There is a national programme available to support schools and children/ young people in understanding the risks and how their knowledge can be used positively. This programme is called Cyber Choices and is run by the National Crime Agency (NCA) and the Regional Organised Crime Units.

The Cyber Choices website holds lots of useful information about helping youngsters choosing the right, legal path. They have guidance for parents/ careers as well as career advice and development resources. Click here to go to the National Cyber Choices site.

For schools in all of our local authorities except Kent, you can contact the SE ROCU to get support by the Cyber Choices team. Find out more here.

For schools in Kent, you can contact the EROCU to get support from their Cyber Choices team. Find out more here