Most schools regard cyber security seriously but many need to take further steps to strengthen their arrangements, according to new research.
The National Cyber Security Centre (NCSC) and schools technology provider the London Grid for Learning (LGfL) have published a report on the issue after carrying out an audit of 432 schools around the UK earlier in the year.
Among the key findings was that 98% and 99% respectively have antivirus and firewall protections in place and 85% have a cyber security policy or plan.
But there are shortcomings in other areas: only 45% include core IT services in their risk register; just 41% have a business continuity plan; 35% train non-IT staff in cyber security; there is relatively low use of practices such as mobile device management and two-factor authentication; and only 49% are confident they are adequately prepared for a cyber attack.
This is despite a high awareness of the risks, with 97% saying losing access to network connected IT services would cause considerable disruption, 92% wanting more cyber security awareness training for staff, and 83% having experienced at least one incident.
Need for tools and advice
Writing in the report’s foreword, NCSC’s deputy director for economy and society Sarah Lyons says: “Alongside these important digital services, our schools also hold considerable amounts of sensitive personal information on parents, children and staff so it’s more important than ever that schools have access to the appropriate tools and advice to help them keep this valuable information safe.”
NCSC has indicated that it now plans to develop guidance to help schools strengthen their cyber security. This involves working with industry partners on a training package for schools, although it also urges them to use its landing page for small to medium sized organisations.
Image from NCSC, Open Government Licence v3.0