63% of UK secondary schools reported experiencing online security breaches or cyber-attacks in 2022. Although there is no cheat sheet on preventing these IT disasters from happening, these 10 essential tips from our cyber security experts will help you enhance cyber security for your school or academy.
With the threat of cybercrime increasing daily, keeping your students safe online can feel like a never-ending battle. Schools and academies are prime targets for cybercriminals as they hold lots of valuable data, including sensitive information about pupils, staff and parents that could be used for identity theft or financial fraud.
If you oversee the IT management at a school or academy, it is vital to take a proactive approach to protecting your data. Our 10 steps will increase the effectiveness of your cyber security and get you started on the basics of building a cyber security strategy.
Remember – the most successful cyber security solutions for schools and academies are complex, comprehensive, and, most importantly, created with the help of an cyber security expert. Get in touch to find out how our team of IT specialists can improve cyber security in your educational establishment.
Your TL;DR summary
- Train your teachers (and other staff)
- Keep your systems up to date
- Introduce a password policy
- Implement Multi-Factor Authentication (MFA)
- Create authorised access controls
- Carry out regular backups
- Have a disaster recovery plan
- Carry out cyber security audits
- Do not allow non-IT staff to have administrator rights
- Think twice before using removable storage devices
Train your teachers (and other staff)
Educating your staff on cyber security is the first step in keeping your systems secure. A Stanford University report from 2020 found that almost 9 out of 10 data breaches were caused by human error, which means teaching your staff the fundamentals of staying safe online could significantly reduce the chances of a breach at your school or academy.
The government-backed Cyber Essentials scheme is a useful starting tool for equipping your staff with the knowledge they need to spot and prevent the most common cyber-attacks.
Keep your systems up to date
Make sure your software, systems and cyber security strategies are updated regularly. It is essential to have the latest patches installed in order to fix issues as they’re identified, add new safety features and maintain the highest level of security across your school’s IT systems. Automatic updates should be enabled for all eligible software on your school devices.
Introduce a password policy
Passwords must be strong and changed regularly if they are to remain impenetrable to cyber-attacks. On average, a hacker can crack an 11-character password containing only numbers in two seconds. Adding lower and uppercase letters to a password of the same length will extend that time to 11 years.
Implementing a password policy will apply a set of rules to the passwords your staff and pupils can use to make it more difficult for cybercriminals to gain access to your school systems. Typical rules include:
- Using strong passwords (contain a mix of letters, numbers and symbols)
- Changing your password periodically
- Not reusing old passwords or those associated with other accounts
- Not sharing passwords
Implement Multi-factor Authentication (MFA)
You can add another layer of security to IT in your school or academy by introducing multi-factor authentication. This will require staff and pupils to enter a one-time code in addition to their password to gain access to your data and systems. For additional security measures, this code is usually sent to a separate device from the one the user is trying to access.
Create authorised access controls
There is a number of IT security measures you can implement that will restrict access to your school’s networks and systems to authorised users only. These controls include multi-factor authentication (see above) and audit trails that automatically track which users have accessed certain files and when.
Another effective method involves creating access control lists (ACLs), which apply rules and restrictions to internal system access. This would mean that your staff and pupils are only able to access certain files, network areas and applications, according to their specific needs.
Carry out regular backups
Regular backups play a vital role in keeping your important data safe. In the event of a security breach, a malicious attack could corrupt your files, potentially resulting in primary data loss.
Cloud backup solutions are a great way to automate the backup process so you don’t have to rely on manual backup processes that could be overlooked and leave your systems vulnerable.
Have a disaster recovery plan
Despite your best efforts and security measures, cyber-attacks will happen in your school. Being prepared for these situations is the only way to ensure your IT systems stay up and running when the worst-case scenario happens.
A disaster recovery plan provides instructions on the exact actions that must be taken to get your IT back to normal operations. Disaster recovery is a complex process that involves lots of planning, assessments and testing, but support from an IT specialist can make things more straightforward.
Carry out cyber security audits
A cyber security audit is essentially a risk assessment for your IT systems. It involves a systematic review of your systems, processes and practices to identify any weaknesses that could leave your school vulnerable to a cyber-attack. Any weaknesses detected during the audit can then be strengthened, reducing the risk of a costly data breach.
We recommend an annual audit to keep your school’s cyber security operating at maximum effectiveness.
Do not allow non-IT staff to have administrator rights
Being over-generous with administrator rights creates a security risk, which can lead to data privacy and compliance issues. To abide by GDPR regulations, you are legally required to safeguard sensitive information by limiting access to those who need it.
Non-IT staff with administrator rights can cause compliance issues, as they are unlikely to have the training needed to understand how to handle a broad level of access to your school’s IT systems responsibly. This increases the likelihood of accidental data breaches and other security incidents.
Think twice before using removable storage devices
USB sticks, SD cards and removable storage devices in general pose a threat to your cyber security. Viruses and malware can easily be transferred from one of these devices to a school computer or laptop, which could compromise the security of your entire IT system.
Data loss and theft are also more likely to happen with removable storage devices, as sensitive data can be quickly and easily copied onto a USB stick or SD card. If a member of your staff then loses the device, this could expose private information to unauthorised access.
All-encompassing cyber security for schools and academies
From the classroom to the playground, we can keep your school community safe online with our comprehensive cyber security services.
Contact us today to chat to our cyber security specialists.