It is just over a year since the Department for Education included Cyber Cover as part of its Risk Protection Arrangement (RPA). Cyber Cover was added in response to growing concerns about Cyber Crime.
The RPA is an alternative to commercial insurance for public sector schools, which may save time and money. It offers comprehensive cover for a wide range of risks including property damage, business interruption, employer’s liability, public liability, and – with the addition of Cyber Cover – cyber-related incidents. It costs between £21 per pupil and £23 per pupil. This cost depend on whether your school is an academy or local authority maintained.
Crucially the addition of Cyber Cover last year means that schools are covered for £250,000 on any one loss, in any one membership year.
A cyber security incident can affect your schools ability to function. It can be very costly and time consuming to put right, which is why the Cyber Cover is so important.
As with any insurance policy, there are conditions which must be met in order for the school to be covered. This article outlines the conditions of cyber security cover.
Must have offline backups
The purpose of an ‘offline backup’ is to minimise disruption (or as much as possible) should any incident impact your live environment. Making sure you have and take regular backups of your data is incredibly important so it can be restored as quickly as possible.
Here are a few tips to consider:
- identify the essential data, without which your school cannot function
- keep your backup seperate from the computer on which it resides
- restrict access to the backup
- consider cloud backups
- protect all devices on the network with a firewall
- backups should be taken daily
- the 3-2-1 rule of backups should be followed (3 copies, 2 devices, 1 offsite)
The RPA cover includes any actual or suspect unauthorised access to any computer or systems. Concerns can be raised to a dedicated helpline 24/7 via 0800 368 6378 or RPAresponse@CyberClan.com.
All employees or Governors who have access to the Member’s information technology system must undertake NCSC Cyber Security Training
It’s important to ensure all staff members have cyber security awareness as this will help keep them vigilant towards the latest threats. This is why it is a requirement condition for all employees and Governors to undertake the free NCSC Cyber Security training.
The training material uses real-life case studies to help teachers and staff members to understand how cyber incidents can affect a school environment. It comes in two formats:
- a scripted presentation pack for group delivery
- a self-learning video for staff to complete
At the end of the training, it is important to complete the training certificate so you can demonstrate your cyber security awareness training.
It is also important to stress that all employees or governors who have access to the technology system must undertake NCSC training annually.
Must register with Police CyberAlarm
Police CyberAlarm is an award winning free tool, provided by the local police force which helps to monitor and report suspicious cyber activity.
The important caveat to remember is that you only need to register with Police CyberAlarm. You do not have to install the CyberAlarm software, however we would recommend that you do so. This will allow the software to gather data which can identify any malicious activity or if an attack has taken place. It can also help to identify misconfigured firewalls.
The Police CyberAlarm issued this public statement in June 2022. This will hopefully allay any concerns you may have and they can be contacted directly by emailing enquiries@cyberalarm.police.uk.
Must have a Cyber Response Plan in place
You need to make sure that you have a Cyber Response Plan in place. A template is available to download from the NCSC website.
Putting a plan in place will help you make good decisions under pressure should a cyber incident occur. It is a critical step towards a robust and effective incident management and technical response.
A basic plan should include:
- key contacts – including the 24/7 dedicated helpline 0800 368 6378 or RPAresponse@CyberClan.com
- escalation criteria – making sure people have the knowledge and authority to make critical decisions
- a basic flowchart or process – that guides and informs co-ordinating functions
- at least one conference number
Remember, a secure school is a successful school. Don’t wait until it’s too late – safeguard your school against cyber threats today with the RPA’s Cyber Cover.
Do you need any help with joining the RPA or with your schools Cyber Response Plan? We love working with schools to help keep them safe from Cyber threats. We actively work with schools to ensure that their staff members and governors have taken part in the training even if they are not part of the RPA.
Why not schedule a 15-minute no-obligation conversation with our team today to see how we can help.
Not ready to make the call? Why not check out these great articles: