DfE launches cyber security scorecard for schools

Schools will be able to access a new cyber security tool for free which measures the robustness of their online security measures – before a full rollout in January.

The tool comes after the education sector was subjected to a number of high-profile cyber attacks during the pandemic which resulted in lost financial records, deleted coursework and thousands of pounds worth of recovery costs, according to a report in Schools Week.

The Department for Education’s ‘Cyber Secure’ tool will be piloted between September 16 and October 9. It will be launched fully early next year.

It is a free and anonymous self-assessment tool which allows schools to assess their cyber security measures through a grading system of 0 to 5.

Schools minister Nick Gibb first announced the tool back in March – when he revealed the sector has been struck by more than 70 ransomware attacks during the pandemic.

He said the tool will “enable schools to assess their cyber security, helping school leaders and staff safeguard their pupils’ education.

“As schools and colleges use more technology than ever before it is vital that they have robust cyber security in place.”

The pilot is open to all schools and following the full rollout of the tool next year any school will be able to sign up for free.

The DfE said schools will be able to log into the tool anonymously and establish their security levels. They will also be able to compare their levels of security with local and national averages.

The government will not receive any information on specific schools but rather will get anonymised data – which will allow the DfE to take a proactive approach to increase security and resilience, it said.

The DfE has warned that schools are ‘critically dependent on technology and online services to function’. It added ransomware is the biggest cyber-related threat to our society, with an increase of attacks on schools in recent years.

In March, the National Cyber Security Centre (NCSC) warned schools to take further precautions following a spike in cyber attacks hitting the education sector.

That same month one of the country’s largest academy trusts – Harris Federation – fell victim to a targeted ransomware attack.

While the trust remained tight-lipped about the attack at the time, it later emerged attackers demanded $8m (£5.8m) in ransom, leaked school data onto the ‘dark web’ and cost Harris over £500,000 in repairs of equipment and staff overtime.

The DfE said its ‘Cyber Secure’ tool will provide schools with a structured framework for a good cyber security policy as well as signpost potential improvement.

The department has also undertaken a Risk Protection Arrangement (RPA) Cyber Risk Pilot with over 500 schools.

The pilot, which ends in March 2022, will support each school to achieve certification which helps to protect them against 80 per cent of the most common cyber attacks.

Each certified network will also receive £250,000 of commercial cyber cover for one year to ‘improve resilience’.