NEN Cyber Security Guidance for Schools

Schools, just like other commercial and public sector institutions, are reliant upon both their local IT systems and networked services delivered over their broadband connection for day-to-day operations and activities. While these technologies bring a huge range of opportunities and benefits, they also bring risks, one of those is a cyber attack.

The most common are shown in this infographic from the National Cyber Security Centre (NCSC) site and covered in more detail in their Common cyber attacks: reducing the impact paper (2016) where they note that every organisation is a potential victim – and schools are no exception:

All organisations have something of value that is worth something to others. If you openly demonstrate weaknesses in your approach to cybersecurity by failing to do the basics, you will experience some form of cyber attack. (p5)

The aim of this guidance document is twofold:

– to provide senior managers with a broad overview of the range of cyber threats, which any organisation is open to when they use networked services over a broadband connection and

– to direct senior managers to tools which can be used to develop and document an approach to cybersecurity which protects themselves, their school, and their users. This may take the form of a dedicated cybersecurity policy document, or by embedding statements, as appropriate, in other policy documents – such as the Acceptable Use Policy, for example. Further references to a cybersecurity policy should be taken to cover both these possible formats.

Download Guidance as pdf