Schools, colleges and universities are increasingly being targeted by cyber criminals. A report from the National Cyber Security Centre (NCSC) in 2019 found that 83% of schools in the UK had experienced at least one type of cyber security incident, despite 98% having antivirus and 99% having firewall protection in place.
To help organisations protect themselves against common online threats, the Government developed the Cyber Essentials scheme in 2014. With many teaching institutes now operating more digitally than ever before, the need to be cyber aware has never been more prevalent; and, obtaining a Cyber Essentials certificate has now become a requirement for the education sector.
Why is this important?
The NCSC report also revealed that less than half of schools (49%) were confident that they were adequately prepared in the event of a cyber-attack. In addition, the Cyber Security Breaches Survey 2020 found that 54% of further education institutes, 11% of primary schools and 13% of secondary schools identified breaches or attacks at least once a week. What’s more, 57% of those further education establishments, 23% of primary schools and 32% of secondary schools had a material outcome from the breaches, such as a loss of money or data.
The Cyber Essentials scheme, which is operated by the NCSC, helps the education sector, and business across the UK, to protect themselves against the most common cyber threats. It also demonstrates a school’s, college’s or university’s commitment to being safe and secure online.
What is Cyber Essentials?
Backed by the Federation of Small Business (FSB) and Confederation of British Industry (CBI), it has two levels of certification – Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials
This self-assessment option allows you to review your system against the most common cyber threats and attacks. A qualified, independent assessor will then verify your evaluation.
Cyber Essentials shows you how to address the basic tactics that are frequently used by hackers. This is vital in today’s digital world, as vulnerability to simple attacks can make your organisation a target to criminals. Plus, many of these hackers seek out organisations which don’t have Cyber Essentials controls in place.
By completing the self-assessment, it gives you peace of mind that you are able to protect yourself against cyber-attacks.
Cyber Essentials Plus
Cyber Essentials Plus is a much more rigorous test of your organisation’s digital security systems. In addition to the self-evaluation, this extra level of reassurance also involves an assessor carrying out an independent technical audit of your systems to verify that the Cyber Essentials protocols have been implemented.
The Cyber Essentials Plus audit must be carried out within three months of you completing the Cyber Essentials basic certification. The assessor will pick a random selection of your systems to audit, they will then make a decision as to whether any further testing needs to be carried out.
Which is the best option?
It depends on your education establishment’s needs, risks and funds. Cyber Essentials is a cheaper option, costing around £300 plus VAT, whereas Cyber Essentials Plus comes at an additional cost, which is dependent on the size and complexity of your online network.
Both options can be carried out by the NSCS’ Cyber Essentials Partner, the IASME Consortium.
Extra protection with Cyber Insurance
While the Cyber Essentials scheme provides you with the basics to spot a cyber-attack, would you know who to contact if criminals were to hack your system? Cyber Insurance can provide you with a safety net should you be the target of cyber-crime.
To discuss how we can help you stay safe online, please do not hesitate to get in touch with one of our insurance specialists today.