Schools have an increasing reliance on IT and online systems which makes cyber security an important consideration. As a result, a number of free resources have been made available to the education sector to help schools understand the information, resources and services available to improve their cyber security.
The NCSC resources are grouped for the following audiences in a school or education settings, the latest advice covers School IT: admin teams, procurers and provides.
School IT: admin teams, procurers & providers
The following section provides entry level guidance applicable to education settings to assist the implementation of basic cyber security controls with little to no cost. There are two versions depending on the type of organisation but mitigations are the same.
Guidance that helps small to medium sized organisations prepare their response to and plan
their recovery from a cyber incident. It’s a companion piece to the above NCSC guidance
and is applicable to education settings.
This guidance is aimed at medium to large organisations, including education settings, that have someone dedicated to managing the organisation’s cyber security. For smaller organisations the NCSC Small Business Guide might be better place to start, though the principles in the 10 Steps are applicable to all organisations.
This service helps your organisation find out how resilient you are to a cyber attack & practice your response in a safe environment.
This service informs organisations of threats against their networks by delivering feeds of the
following types of threat information: incident notification, network abuse events and vulnerability alerts. It complements your existing threat intelligence products, and should not be used in isolation.
This service helps you find and fix common security vulnerabilities in the websites that you manage. The checks are designed to impose low load on your sites and to avoid damaging them. Web Check tells you: what you need to worry about, when you need to worry about it, and what you need to do about it. It is easy to use and doesn’t require a high level of technical skill. Web Check is not designed as a substitute for proper penetration testing. It checks for common vulnerabilities or misconfigurations in your service, but it does not guarantee the security of your site.
Mail Check helps organisations assess their email security compliance and adopt secure email standards which prevent criminals from spoofing your email domains.
Proposing a series of 12 principles, designed to help you establish effective control and oversight of your supply chain.
Cyber Essentials helps your guard against the most common cyber threats and demonstrate your commitment to cyber security. It is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
There is also the Cyber Essentials readiness toolkit. Your responses to the questions in the toolkit helps create a personal action plan to help you move towards meeting the Cyber Essentials requirement. The action plan includes links to specific guidance on how to meet the requirements. The toolkit is available at: Questions | Readiness (iasme.co.uk)
Previously, at CYBERUK, the NCSC hosted a stream focussed on ransomware, the risk to schools and how to prevent it. You can watch it here: https://youtu.be./FppzWedY0ic