Blog
Five Steps to Becoming a Cyber Essentials Secure School
25/08/2021
Charlie is the headteacher of a popular local school. The last year has been one of the most testing times they have experienced. Already coping with the COVID-19 pandemic there is the additional worry of increased cyberattacks on the education sector. The National Cyber Security Centre (NCSC) has alerted all education providers to take better action to protect themselves in response to this. Charlie wants to work towards his school having a cyber secure culture. Making sure they have an excellent reputation for data protection and student safety.
The question is how can the school achieve this? Charlie has heard the phrase ‘Cyber Essentials’ mentioned before, but what is it? Are there any benefits? Is certification required for funding? If you have similar concerns, follow along below as we explain what Cyber Essentials is and why your school should obtain the certification.
What is The Cyber Essentials Scheme?
Cyber Essentials is a certification scheme endorsed by the UK government. It recognises the huge risks cybercrime poses and how this can be avoided using simple security measures. Cyber Essentials standardises the crucial measures every organisation should take to ensure their digital security and protection from cyberattacks.
The certification assesses five key cybersecurity areas within an organisation:
|
|
|
|
|
Boundary Firewalls and Internet Gateways You have a secure internet connection |
Secure Configuration You have the most secure settings activated on all your devices |
User Access Control You have full control over who is accessing your data and services |
|
|
|
|
|
Malware Protection You have protection in place against viruses and malware |
Patch Management Your devices and software are updated with the latest versions |
|
After ensuring you have these basic controls in place you can complete a self-assessment to confirm your organisation’s devices meet the criteria. Once signed and submitted it is reviewed by a certification body. If you meet all the requirements, you will pass and will be considered secure to a UK government standard.
There are two levels of certification, Cyber Essentials and Cyber Essentials Plus. Each include the following benefits:
|
Key Features |
Cyber Essentials |
Cyber Essentials Plus |
|
Unlimited expert guidance to ensure you pass first time |
 |
|
|
Certification within 24 hours |
|
|
|
£25k free cyber insurance with certification |
|
|
|
Independent assessment from an expert auditor |
 |
|
Cyber Essentials is the self-assessed option. Whereas Cyber Essentials Plus is carried out onsite or remotely by an independent licensed auditor. This offers assurance to staff, pupils and parents that your assessment was carried out by an expert.
Why is Cyber Essentials Important For My School’s Cybersecurity?In the last year there has been a rise in the number of cyberattacks on education providers. Mainly due to the amount of sensitive data stored, recent distance learning and inadequate IT security. Schools can have a huge number of users too. As a result, they are prime targets for threats such as phishing and ransomware. It just takes one wrong click on a malicious link and your systems could be breached. This has prompted the NCSC to advise the education sector to be better protected from such threats. The effects of a data breach resulting from an attack can be devastating and long-lasting. A recent survey found a third of schools who suffered a breach lost complete control of their systems, data or money1. Becoming Cyber Essentials certified is a simple and cost-effective way to improve cybersecurity. Adhering to these guidelines have been shown to help guard organisations from 98.5% of common cybersecurity threats2. For this reason, the Education and Skills Funding Agency (ESFA) will soon require education providers to have a Cyber Essentials Plus certification to access funding. Cyber Essentials also helps support General Data Protection Regulation (GDPR) compliance. Additional IT security steps are required to fully meet these obligations. Completing the certification not only means you meet regulations, but it’s an initial step to create a cyber secure culture in your school. Helping to raise awareness and encourage users to be careful when handling digital devices or data. Working together to fully protect your school from cybercrime and its devastating effects. |
How Does My School Become Cyber Essentials Certified?
Ready for your school to become Cyber Essentials certified? NCI Technologies can help! We partner with a leading cybersecurity provider who makes certification simple and accessible. To find out more on becoming a Cyber Essentials certified school contact our friendly sales team or call us on 01326 379 497.
Sources
1 Cyber Essentials for Education - A simple guide to Cyber Essentials for schools, universities, and further education providers
2 Cyber Essentials for Education - A simple guide to Cyber Essentials, as required by the Education & Skills Funding Agency
Share
Call Me Back
I would like to discuss NCI Services & Support
Comments
Leave a comment below