Cyber for School Leadership

Thank you for attending a cyber security session for school leadership with the SEROCU Cyber Protect team. If you have any feedback at all, we would love to hear it in order for us to develop and tailor our resources.

We would love for you to take just a couple of minutes to complete a survey about the presentation. There are thirteen short questions, mostly multiple-choice. This opens in a new window – close it once complete.

If you have outstanding questions you can also email us at:

For details of our Inset Day training programme for Staff and those with a Safeguarding or Pastoral role, please visit our Cyber for Schools page.

DfE Standards for Schools & Colleges

The Department for Education has published a standard for schools & colleges to meet. The best approach to cyber security is to undertake a comprehensive review involving setting appropriate policies and procedures, identifying critical and non-critical operational processes within the school, identifying all assets including people and data that are used in those processes, assessing the threats, vulnerabilities and risk to each asset and then implementing controls to manage the risk. This review would be a journey over a longer period of time, so ensuring compliance with the DfE standard is a great way of reaching a baseline of good cyber security.

Action List

Securing Accounts

  1. Review and implement a better password policy
  2. Teach staff how to use good passwords
  3. Implement Two-Factor Authentication on key systems (and everywhere else if possible)


Securing Data

Protecting data starts with understanding:

  • What data you hold
  • What data is sensitive
  • Who needs access to that data
  • How that data is used
  • When that data is used
  • How access is controlled
  1. Implement a process for user account review
  2. Implement periodic reviews of access permissions
  3. Ensure there is no use of shared accounts

Networks and Systems

  1. Ensure the network is mapped and assets identified
  2. Incorporate asset lifecycle into long-term budget planning
  3. Ensure robust update policy exists
  4. Ensure all assets have an owner and risks are understood


Remote and Cloud Working

  1. Review Remote Working policy and controls
  2. Review cloud policy and controls for suitability


Defending Systems

  1. Review antivirus deployment – needs and coverage
  2. Minimise phishing risks using technical methods
  3. Train staff about phishing risks and reporting


Incident Response

  1. Develop incident response plans for likely threat types
    1. Start with plans on the most likely threats:
      • Phishing
      • Malware
      • Ransomware (as specific plan)
      • Network or system intrusion
      • Data breach or loss
      • Denial of Service
      • Fraud
    2. For each plan, think about:
      • How you are likely to detect the problem
      • The systems or people the incident is likely to affect
      • The impacts of such an incident – and how they could be mitigated
      • How you might isolate the problem and stop the spread
      • Who you would call for assistance – and how
      • How you would gather more information for responders
      • Steps to recover from the incident
      • How you would learn from the incident and improve the plan
  2. Review backup solutions for adequacy and testing


Safeguarding Pupils

  1. Teach Pupils about using technology safely, lawfully and ethically


Other Information

National Cyber Security Centre Resources:

  • Small Business Guide (suitable for smaller schools or those just starting to think about cyber)
  • 10 Steps to Cyber Security (suitable for larger schools or those who are more mature in cyber)
  • NCSC Early Warning Service – Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.

Reporting Cybercrime:

Action Fraud – for reporting any Fraud or Cybercrime – includes 24/7/365 helpline for a live cybercrime


SEROCU Cyber Security Training for Staff and DSLs

Police CyberAlarm – coming May 2021 to the South-East; free to use threat monitoring and reporting service for organisations, with free external and website vulnerability scanning services as well

South-East Cyber Resilience Centre – joint Police and private-sector not for profit organisation, providing advisory services, low-cost cyber security services and referral to vetted and approved service providers.