10 QUESTIONS FOR HEAD TEACHERS ON CYBER SECURITY

Every education establishment should have a significant level of security, and this should be reviewed and remain a high priority throughout every academic year.

Schools rely heavily on IT and cloud services to store important, sensitive data, so it’s vital that this information is kept confidential and safe.

Are you sure that your establishment is cyber secure?

Below are some questions that will help you determine how protected your school might be against threats…


THE CHECKLIST

1. Who is responsible for your IT Services? Is it multiple providers or one MSP?

A single supplier has the incentive to fix issues efficiently whilst at the same time ensuring the issue has gone away for good. Making sure there is an adequate Service Level Agreement (SLA) in place alongside each service is very important. Setting the expectation from the start lets everyone know where they stand.

2. Who manages & deals with IT internally within your school?

How do you audit the internal process to ensure issues are dealt with and the correct priority is allocated? IT support is often a secondary role for the person dealing with day-to-day issues. Are the IT issues taking the users away from their main role?

3. Have you had any previous issues with security and what would you identify as the most critical issue currently?

Is cyber security on the agenda of internal meetings? If not, why not? Cyber security evolves, and in a lot of instances a major breach starts with what can seem like insignificant events.

4. Are you satisfied with your current cyber security set up?

Treat this as a topic in its own right. Allocate the task and stay on top of the Cyber threat landscape.

5. Do you have an efficient backup and recovery plan in place for potential attacks?

Do you and your staff understand what an attack is, what it looks like and how to react in the event of one happening? Understanding this early on can reduce the potential damage caused by a breach, and adopting a “not if, but when” mentality will make sure you are well prepared.

6. Are you aware of who to contact when a security breach occurs?

This should be an internal team with the confidence and authority to be able to act fast.

7. Do you provide staff training and encourage cyber security awareness?

If so, how do you measure your current cyber threat knowledge, how up to date the training is and how relevant it is?

8. Would you still be able to operate if you lost connection or access to your data?

If not, why not? Loss of connection to data doesn’t just mean an internet outage; it could be that you have fallen victim to ransomware and your data is locked until the ransom is paid. Do you have insurance to cover this? Do you have protection against this? Can you afford not to?

9. What protection do you currently have in place?

Is this protection multi-layered? A multi-layered approach works by having multiple levels of defence against cyber-attacks rather than a single line of protection. When it comes to cyber defence you can never have enough protection and it’s worth remembering that your armour is only as good as its weakest link.

10. Set specific rules for staff/students for emailing, mobile usage, internet browsing and social media.

Raising a user’s privileges is one of the most common methods “bad actors” use to access systems. Getting in as what seems to be a low-level user and increasing their security rights often goes unnoticed. When was the last time you checked your IT estate? Do you have an onboarding and offboarding process for users?

JARGON BUSTER

“Bad Actors”

“Bad actor” is another term for a cybercriminal: an individual or group of people that hides behind the dark web and interferes with users’ devices by performing a series of actions to successfully hack their systems. This is usually done to obtain sensitive information and generate profit.

“Cyber Attack” 

A deliberate invasion of your device or network. By gaining unauthorised entry, cybercriminals can deactivate certain elements of your device to purposely cause damage. This might be to steal data or install malware onto your system.

“Ransomware”

Ransomware is software that is specifically designed to encrypt users’ devices. It is a form of malware, created to cause damage to a machine. The software can access your computer system, steal data and encrypt your device, leaving your data locked until a ransom is paid. The payment is usually demanded in a virtual currency, such as Bitcoin, which means the cybercriminal’s identity remains anonymous and difficult to trace.

“Multi Layered Protection”

When tackling cyber threats, we always advise that you use a combined, layered approach to your security measures, utilising great technology, alongside staff training and expert advice. Using this combination to tackle cyber security, you will ensure that your business adheres to best practice and doesn’t become an easy target for cyber criminals.

“Cyber Defence” 

The act of implementing the relevant security solutions to prevent potential attacks from occurring. Check our cyber security solutions for more information!

“Cyber Threat Landscape”

Having cyber security awareness about the current threat landscape is vital in implementing steps to protect your business.

MANAGE YOUR CYBER SECURITY TODAY!

It’s important you review your current security set up to protect against future threats. Educating your staff is also key. It’s effective & promotes a shift in the cyber security culture within an establishment.

Call us on 0333 150 6780, email or fill out the contact form below and a member of the team will be in touch.
