The Benefits of Certification for Schools
The preparation and process of getting certified to Cyber Essentials will give you a clear picture of your school’s cyber security and an opportunity to improve.
Achieving Cyber Essentials will give you the peace of mind that you have implemented the core controls that help prevent most cyber attacks.
Certification will reassure stakeholders that you take cyber security seriously.
Certification may attract additional funding and grants that stipulate Cyber Essentials as a prerequisite.
INCREASING CYBER RISKS FOR SCHOOLS
There is a concerning rise in cyber attacks against schools, these can take many forms, including phishing emails, malware from bogus websites and downloads, ransomware attacks and Denial of Service attacks .
A spike in ransomware attacks on UK schools, colleges and universities in September 2020 and again in February 2021 prompted the National Cyber Security Centre (NCSC) to issue a warning to the education sector, urging them to take action to protect themselves against these attacks.
The 2021 Government cyber security breaches survey found a third of schools that suffered a breach lost control of their systems, data or money, and the majority of schools had to allocate time consuming staff resources to deal with the breach. The NCSC advise schools to follow their guidance to ensure students can continue their education uninterrupted.
Most schools pride themselves on prioritising student safe-guarding and data protection. Cyber security is the third prong in that triad of school security and one that crucially underpins the other two. Improving your school’s cyber security will help you create an overall culture of security within the school.
WHAT IS CYBER ESSENTIALS?
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your school, whatever its size, against a whole range of the most common cyber attacks.
The majority of cyber attacks are untargeted and use commodity tools to attack large amounts of devices, services and users at the same time in an indiscriminate way. Most cyber attacks are made up of repeated stages that are probing for further information or leads that can lead to a more targeted attack. These untargeted attacks exploit basic weaknesses that can be found in many organisations, such as poorly configured devices, software that hasn’t been updated and unsupported computer systems. Becoming Cyber Essentials certified will help a school defend themself against this type of attack. The process of putting in place the five core controls will eliminate the common security gaps that up to 80% of cyber attacks rely on.
Although the technical controls are the same, there are two levels of certification under Cyber Essentials: Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is an online verified self-assessment questionnaire which relies on you being able to understand the questions and know the answers. It’s a simple process:
- Someone representing the school or college first answers a set of questions about five basic security controls.
- A member of the school board then signs a declaration to confirm that all the answers are true.
- Finally, a qualified assessor reviews the answers provided.
The Cyber Essentials self-assessments are conducted on a secure on-line assessment platform.
There are no checks on your IT systems at this level and so the cost is only £300 + vat.
Cyber Essentials Plus
Cyber Essentials Plus includes the self-assessment questionnaire but also a technical expert will conduct an audit on your IT systems. This means that if there were issues that you were not aware of when you answered the self-assessment questions, these would be picked up during this audit. As this assessment needs time from technical experts, it is more expensive than the Cyber Essentials assessment. A quote for Cyber Essentials Plus can be applied for via the IASME website.
NOT READY TO CERTIFY?
Sometimes, schools are unsure about where to start to prepare for Cyber Essentials.
We have created a simple tool to help you prepare for Cyber Essentials called the Cyber Essentials Readiness tool.
The Readiness tool will gauge your current level of cyber security and provide you with an action plan supported with detailed guidance. It operates as an online series of questions that lead you through the main parts of the Cyber Essentials requirements. These questions are designed to help you think about Cyber Security within your school and each question will prompt you to consider a different aspect of security. If there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes.
This readiness tool is the step that comes before taking the Cyber Essentials self-assessment. It will start you on your journey towards becoming Cyber Essentials certified. Although you may have completed the questions in the readiness tool, it doesn’t automatically mean you will pass the Cyber Essentials assessment. The platform has been designed to give you a list of items to consider, in preparation for the Cyber Essentials assessment.
GUIDANCE DOCUMENTS FOR SCHOOLS
There is a list of guidance documents for schools that are available for you to download and print off if required. These cover subjects from the five core controls to specifications and policies that are uniquely for schools. Please find the step-by-step guide to help you navigate your way through the different stages of achieving Cyber Essentials.
Below the guidance and support documents, you will find a list of recorded webinars that address the issues related to Cyber Essentials for schools in video presentation format.
THE RPA PILOT FOR SCHOOLS
IASME is running a Cyber Essentials pilot for schools with the Risk Protection Arrangement (RPA). The RPA is an alternative to commercial insurance for public sector schools in England. It aims to protect public sector schools against losses due to unforeseen and unexpected events. You can find details of what the RPA covers and how to become a member at The risk protection arrangement (RPA) for schools – GOV.UK (www.gov.uk).
NEED SUPPORT WITH YOUR ASSESSMENT?
Some of the Cyber Essentials self-assessment questions can be difficult to understand if you do not have a technical IT background or if your school has a complex structure. IASME has trained a number of qualified cyber security companies who will be able to help you understand the assessment questions, how they relate to your company and what steps you need to take in order to achieve certification. These Certification Bodies are trained and licensed to certify against the Government’s Cyber Essentials Scheme and they are also available to offer consulting services to help you achieve these certifications.
You can engage with one of our Certification Bodies and they will be able to provide you with support in the assessment process. Please note this support is not funded by the RPA pilot.
OUR CERTIFICATION BODIES CAN HELP
Search for a certified organisation
Find Out More
Have a look at our Frequently Asked Questions or speak to our team