DfE launches cyber security scorecard for schools

Schools will be able to access a free new cyber security tool from the DfE which measures the robustness of their online security measures.

Schools will be able to access a new cyber security tool for free which measures the robustness of their online security measures – before a full rollout in January.

The tool comes after the education sector was subjected to a number of high-profile cyber attacks during the pandemic which resulted in lost financial records, deleted coursework and thousands of pounds worth of recovery costs, according to a report in Schools Week.

The Department for Education’s ‘Cyber Secure’ tool will be piloted between September 16 and October 9. It will be launched fully early next year.

It is a free and anonymous self-assessment tool which allows schools to assess their cyber security measures through a grading system of 0 to 5.

Schools minister Nick Gibb first announced the tool back in March – when he revealed the sector has been struck by more than 70 ransomware attacks during the pandemic.

He said the tool will “enable schools to assess their cyber security, helping school leaders and staff safeguard their pupils’ education.

“As schools and colleges use more technology than ever before it is vital that they have robust cyber security in place.”

The pilot is open to all schools and following the full rollout of the tool next year any school will be able to sign up for free.

The DfE said schools will be able to log into the tool anonymously and establish their security levels. They will also be able to compare their levels of security with local and national averages.

The government will not receive any information on specific schools but rather will get anonymised data – which will allow the DfE to take a proactive approach to increase security and resilience, it said.

The DfE has warned that schools are ‘critically dependent on technology and online services to function’. It added ransomware is the biggest cyber-related threat to our society, with an increase of attacks on schools in recent years.

In March, the National Cyber Security Centre (NCSC) warned schools to take further precautions following a spike in cyber attacks hitting the education sector.

That same month one of the country’s largest academy trusts – Harris Federation – fell victim to a targeted ransomware attack.

While the trust remained tight-lipped about the attack at the time, it later emerged attackers demanded $8m (£5.8m) in ransom, leaked school data onto the ‘dark web’ and cost Harris over £500,000 in repairs of equipment and staff overtime.

The DfE said its ‘Cyber Secure’ tool will provide schools with a structured framework for a good cyber security policy as well as signpost potential improvement.

The department has also undertaken a Risk Protection Arrangement (RPA) Cyber Risk Pilot with over 500 schools.

The pilot, which ends in March 2022, will support each school to achieve certification which helps to protect them against 80 per cent of the most common cyber attacks.

Each certified network will also receive £250,000 of commercial cyber cover for one year to ‘improve resilience’.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security