This website uses cookies to ensure you get the best experience on our website. More info. Accept Reject

Five Steps to Becoming a Cyber Essentials Secure School

Charlie is the headteacher of a popular local school. The last year has been one of the most testing times they have experienced. Already coping with the COVID-19 pandemic there is the additional worry of increased cyberattacks on the education sector. The National Cyber Security Centre (NCSC) has alerted all education providers to take better action to protect themselves in response to this. Charlie wants to work towards his school having a cyber secure culture. Making sure they have an excellent reputation for data protection and student safety.

The question is how can the school achieve this? Charlie has heard the phrase ‘Cyber Essentials’ mentioned before, but what is it? Are there any benefits? Is certification required for funding? If you have similar concerns, follow along below as we explain what Cyber Essentials is and why your school should obtain the certification.

 

Cyber Essentials Certification School Pupils

 

What is The Cyber Essentials Scheme?

Cyber Essentials is a certification scheme endorsed by the UK government. It recognises the huge risks cybercrime poses and how this can be avoided using simple security measures. Cyber Essentials standardises the crucial measures every organisation should take to ensure their digital security and protection from cyberattacks. 

The certification assesses five key cybersecurity areas within an organisation:

 

Cyber Essentials Firewall

Secure configuration

Cyber Essentials User access control

Boundary Firewalls and Internet Gateways

You have a secure internet connection

Secure Configuration

You have the most secure settings activated on all your devices

User Access Control

You have full control over who is accessing your data and services

Cyber Essentials Malware protection

Cyber Essentials Patch management

Malware Protection

You have protection in place against viruses and malware

Patch Management

Your devices and software are updated with the latest versions

 

 

After ensuring you have these basic controls in place you can complete a self-assessment to confirm your organisation’s devices meet the criteria. Once signed and submitted it is reviewed by a certification body. If you meet all the requirements, you will pass and will be considered secure to a UK government standard.

There are two levels of certification, Cyber Essentials and Cyber Essentials Plus. Each include the following benefits:

 

Key Features

Cyber Essentials

Cyber Essentials Plus

Unlimited expert guidance to      ensure you pass first time

Cyber Essentials Tick Cyber Essentials Tick

Certification within 24 hours

Cyber Essentials Tick Cyber Essentials Tick

£25k free cyber insurance with certification

Cyber Essentials Tick Cyber Essentials Tick

Independent assessment from an expert auditor

Cyber Essentials Cross Cyber Essentials Tick

 

Cyber Essentials is the self-assessed option. Whereas Cyber Essentials Plus is carried out onsite or remotely by an independent licensed auditor. This offers assurance to staff, pupils and parents that your assessment was carried out by an expert.

 

Why is Cyber Essentials Important For My School’s Cybersecurity?

In the last year there has been a rise in the number of cyberattacks on education providers. Mainly due to the amount of sensitive data stored, recent distance learning and inadequate IT security. Schools can have a huge number of users too. As a result, they are prime targets for threats such as phishing and ransomware. It just takes one wrong click on a malicious link and your systems could be breached.

This has prompted the NCSC to advise the education sector to be better protected from such threats. The effects of a data breach resulting from an attack can be devastating and long-lasting. A recent survey found a third of schools who suffered a breach lost complete control of their systems, data or money1

Becoming Cyber Essentials certified is a simple and cost-effective way to improve cybersecurity. Adhering to these guidelines have been shown to help guard organisations from 98.5% of common cybersecurity threats2. For this reason, the Education and Skills Funding Agency (ESFA) will soon require education providers to have a Cyber Essentials Plus certification to access funding. Cyber Essentials also helps support General Data Protection Regulation (GDPR) compliance. Additional IT security steps are required to fully meet these obligations.

Completing the certification not only means you meet regulations, but it’s an initial step to create a cyber secure culture in your school. Helping to raise awareness and encourage users to be careful when handling digital devices or data. Working together to fully protect your school from cybercrime and its devastating effects.

 
How Does My School Become Cyber Essentials Certified? 

Ready for your school to become Cyber Essentials certified? NCI Technologies can help! We partner with a leading cybersecurity provider who makes certification simple and accessible. To find out more on becoming a Cyber Essentials certified school contact our friendly sales team or call us on 01326 379 497.

 

Sources

1 Cyber Essentials for Education - A simple guide to Cyber Essentials for schools, universities, and further education providers

2 Cyber Essentials for Education - A simple guide to Cyber Essentials, as required by the Education & Skills Funding Agency

BACK

Share

Comments

Leave a comment below

Call Me Back

I would like to discuss NCI Services & Support