DfE Cyber Secure tool

Schools can now strengthen their cyber security readiness for free thanks to a new online tool which rates the robustness of their online security measures.

The Department for Education’s “Cyber Secure” tool, being piloted between now and October 9, is a free, anonymous, self-assessment tool which allows schools to assess their cyber security readiness through a grading of 0-5.

Schools minister Nick Gibb first announced the tool earlier this year when, at the same time, he revealed the sector has been victim of more than 70 ransomware attacks during the pandemic. He said Cyber Secure will enable schools to assess their cyber security, helping school leaders and staff safeguard their pupils’ education.

The pilot is open to all schools and following the full rollout of the tool next year any school will be able to sign up for free. The DfE said schools will be able to log into the tool anonymously and establish their security levels. They will also be able to compare their levels of security with local and national averages. The government will not receive any information on specific schools but will get anonymised data – this will then allow the DfE to take a more proactive approach to increase security and resilience.

In March, the National Cyber Security Centre (NCSC) warned schools to take further precautions following a spike in cyber attacks hitting the education sector. That same month one of the country’s largest academy trusts – Harris Federation – fell victim to a targeted ransomware attack. It is believed that the cyber agents demanded $8m (£5.8m) in ransom and leaked its data onto the “dark web”. It cost the Federation more than £500,000 in IT repairs and overtime.

The DfE has also undertaken a Risk Protection Arrangement (RPA) Cyber Risk Pilot with over 500 schools. The pilot, which ends in March 2022, will support each school to achieve certification which helps to protect them against 80 per cent of the most common cyberattacks. Each certified network will also receive £250,000 of commercial cyber cover for one year to ‘improve resilience’.

For further information and / or to discuss cyber security measures for your place of work, please contact a member of the NEBRC on enquiries@nebrcentre.co.uk