Is your school cyber security ready?
Following the Department of Education’s release of the new additions to the School’s Risk Protection Arrangement (RPA), schools must know the conditions members must meet to be eligible for the cover.
What does the “cyber” element of the RPA cover?
However! We are here to help raise awareness of two important points:
1. There are conditions the School needs to meet to be eligible for the cover
2. Does the School have procedures in place to identify an incident?
Many organisations have business continuity plans, but in a modern school environment, how many schools have business continuity plans that include cybersecurity threats and incidents?
Part of business continuity planning should include a disaster recovery plan or, in layman’s terms, the ability to get “back to normal” after an incident has occurred.
If your School has backups, that’s good! But are your backups in the cloud? This is an important point, as it is a condition of the RPA eligibility that you have “offline” backups. Do you know how your backups are kept? If not, Ascot London can help.
Great! So you have an offline backup!
But are you backing up the right data? How often do you review and test your backups?
Having the proper procedures in place includes identifying when an incident is occurring, but it also needs a process to review and verify if your disaster recovery plan will work. We can help you through non-technical training for your Senior Leadership Team or executive board to plan if you are backing up the right data.
We have been asked the questions in the past, “Surely you just backup everything, right?” and “IT will just handle that for us, won’t they?”
Ascot London can work with your SLT to create plans and processes for smooth and timely restoration.
Review, testing and timing can also be planned into your regular service schedules with Ascot London.
Could your staff spot a ransomware attack? Would they know what to do if they spotted a ransomware attack?
A security policy is only as valuable as the knowledge and efforts of those who adhere to it, whether IT staff or regular users.
Understanding the importance of computer and network security and building accountability for these concepts are critical for achieving the school’s goals.
The new RPA states that all employees and governors with access to the school’s information technology systems must undertake the NCSC Cyber security training at the start of the school’s RPA membership year.
With this in mind, establishing security awareness principles and conducting personal security training are integral endeavours for any school, regardless of size.
Security awareness ensures that users are familiar with potential threat mechanisms, while training teaches them the strategies they must employ to prevent or respond to these threats.
Cybersecurity training for school staff
Staff are at the heart of every organisation, playing a pivotal role in keeping you secure and compliant. Whilst your workforce can be one of your most valuable assets, they are also your most significant risk for cybercrime.
Over 90% of security incidents are now caused by cybercriminals targeting employees.
Our cybersecurity awareness training and testing are designed to help reduce incidents from cyber threats.
Ascot London Consulting and Ascot London can help your School deploy and manage this RPA requirement, as it is vital in the event of a claim that the member school can provide evidence that every person is required to have a pass certificate.
Offline backups and cyber security training are the absolute minimum requirement for the RPA cyber cover eligibility.
But as discussed above, business continuity and disaster recovery “are not tick-box exercises.”
NCSC Cyber security training
• NCSC Cyber security training.
• Auditing and guidance to help your organisation respond to and recover from incidents. Incident response planning, supported by relevant processes and procedures, will lessen an incident’s impact and reputational damage.
• Our help with practising and testing your plans will help you make good decisions under the pressure of an actual incident.
(pricing upon application)
• Silver service package+
• Phishing testing and cybersecurity training to keep your staff vigilant and aware of current cyber trends and threats.
• Each service provides detailed reporting to enable customers to understand precisely how staff are performing and allows us to help target specific training where it’s needed. We also provide detailed reports to help your School secure compliance with ISO27001, Cyber Essentials+ or UK GDPR standards.
(Pricing upon application)
Red-team training with senior leadership teams and executive bodies
Red-team exercises for evaluating defences and response to cyber threats. Our goals are to assist in defending against cyber threats, including assessing a baseline measurement of an organisation’s cyber security readiness and running simulated criminal attacks and exercises to test real-world responses to cyber threats.
The outcomes we help deliver from our training and exercises:
• Evaluate its technical and human defences against specific targeted cyber threats
• Establish a baseline for its protective and detective controls
• Receive essential guidance for improved defences against targeted cyber attacks
• Obtain real-world examples for staff security awareness education
• Be able to assure stakeholders that data security and reputation are of the highest importance.
Strategic benefits are based upon lessons learned at each engagement stage, providing a basis for continual improvement in any organisation’s cyber defence strategy and controls. Increased staff awareness education, based on lessons learned from each exercise, optimises the effectiveness of the human firewall.
A crucial part of our ethos is that all security services should be effective and achieve results, so our services are a bespoke experience for every customer.
Our help to assess and enhance your control of the information that flows through your networks and information systems is an essential component of our approach.
Clear governance structures will define lines of responsibility and accountability.
Articulating these principles from a top-down approach will start your risk appetite journey, helping inform and structure your operation of essential functions so that decision-makers can make informed decisions about risk without needing to refer to decisions up the governance chain.
Cybersecurity awareness and training are mechanisms used to educate all stakeholders on the various cyber threats, how to recognise them and the steps to protect themselves and their organisations. The benefits and advantages are numerous.
What is the School's outcome?
It’s vital to have the proper training for the appropriate teams. This way, you know your resources are appropriately used and yield the best results possible. So you may be hesitant at first to equip your entire workforce with
“After all, isn’t doing cybersecurity with your IT team sufficient?”
It’s proven that human error is the biggest cybersecurity threat coming from any corner of your organisation.
Here are just some of the many benefits of cybersecurity training for your entire
- Threat reduction
- Increased security
- Avoidance of downtime
- Time and money saved
- Regulatory compliance
- Empowering your stakeholders
- High staff and stakeholder confidence
Each plan has excellent benefits, but making sure schools have the right resources for safer IT is important to us!
We provide practical resources to help schools improve their cyber security.
Whether it’s helping early years practitioners protect sensitive information, resources from posters to action-driven post-its or advice and assistance to your admin teams in understanding the risks in your supply chain and procurement, we’re here to help!