Data theft and the growing complexity of cyber-attacks were just two issues which have kept teachers and educational professionals up at night. Other issues included network safety, awareness of users and users following policy, data security and General Data Protection Regulation (GDPR).
These concerns were highlighted by respondents in our Cyber Security in UK Schools and with Cyber Security Month taking place during October, these remain primary challenges for schools which have to ensure they have strong cybersecurity processes in place to protect the school and all the valuable information it holds.
While many schools may have robust IT policies in place, the report highlighted that IT security policies which were not being annually updated were a key weakness in school systems.
The Internet is a Key Tool for Teachers
The survey from the report included 350 respondents from schools and colleges in England in Wales, representing 66 800 children. Of the cyber attacks reported, 48% of these were ransomware
Respondents reported a range of cyber security concerns, but a troubling 17% indicated having no concerns from a cyber security perspective.
In partnership with the Institute of Cyber Security for Society at the University of Kent and supported by BitDefender, the report found that teachers regard the internet as a key tool to do their job. Yet over 60% of schools had not received cyber training and one out of three schools did not have a cyber security policy in place.
The report found that schools used different technologies to protect their schools with firewalls, antivirus, malware, security technology and data back-up being the three technologies the most endorsed by respondents.
Schools Need Annual Updates
Key findings from the report were a lack of policy, training and knowledge about risks and potential for harm, with particular concern over whether schools carried out annual updates of IT policies and cybersecurity risks.
“In comparison to the enforcement of IT policies and procedures, fewer responses indicated that these policies were updated. For example, 69.4% of respondents reported having IT security policies in their schools (or being aware of such policies) but only 57.8% reported these had been updated in the last year” stated the report.
When it came to risk registers, only 38.1% had been updated in the last year, while BCDR (Business Continuity and Disaster Recovery) plans showed only 34.7% had been updated since the previous year.
The report highlighted, “These differences between the number of respondents reporting their enforcement and whether they have been updated in the last year shows that not all cyber security relevant policies in schools represented by the respondents are updated annually. Risk registers especially have not much meaning if they are not kept up to date.”
5 Key Actions For Schools To Take Now:
- Assess the risks and identify how you can reduce the impact of cyber attack on your school.
- Review your current policy set. Is it fit for purpose, relevant and up to date?
- Invest in expert advice and guidance to inform your strategy; it could save money in the long term.
- Invest in your staff. Implement a regular approach to awareness raising – short, quick and accessible training that is compulsory for all staff.
- Produce, maintain and test your risk and continuity and backup and disaster plans. Knowing what to do will improve your response to an attack.
The report described being cyber-secure as “not a static process, a do-once and forget approach. Like many other areas of school life, continuous self-improvement is required. Cyber threats rarely stay the same for long, in the same way schools need to ensure that their systems and processes remain fit-for-purpose. Access to technology, data and the internet are so critical to successful education that doing nothing is simply not an option.”
SWGfL has a host of resources to resolve these challenges. These include the free 360 Degree Safe Online Safety Review Tool for Schools to help schools review their online policy; Cyber and Information Security Audits; Cyber Security Software from BitDefender designed specifically for schools and Cyber and Information Training for staff.