9ine : Jul 24, 2019 12:11:29 PM
In this fifth blog in the series, we look at Incident Management, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can use well-structured, clearly written incident plans and procedures to reduce the impact of a cyber attack and get key systems and services up and running as soon as possible, minimising the impact on users and supporting business continuity. With each blog in this series, we are building upon every stage of the NCSC’s 10 Steps to Cyber Security and, in turn, providing our independent recommendations, examples and guidance.
In our previous blog, "User Awareness - How To Help Your Users Protect Themselves & The School Network!", we discussed how structured and regular training, alongside clear policies and procedures, can go a long way to stopping some attacks in their tracks before they hit the network. This blog goes hand-in-hand with that one and gives schools a greater understanding of how effective plans and procedures reduce risk and provide a safer working environment.
By following these recommended steps, you will be able to evidence that your school has the appropriate mechanisms in place to reduce the impact of a cyber attack and support business continuity. By providing your end users and IT teams with plans and procedures aligned to your business continuity plans, you will demonstrate that the school is both ensuring the availability of data and providing resilience through an organisational process.
Before we go any further, do you know the answers to the following questions?
If you are unsure of any of the above, you need to follow the next 5 steps...ASAP!
Following the above will ensure that you have the capacity and capability to deal with an incident effectively. Once you have this in place, have tested the plan and are confident that your users understand the process, follow the next set of steps.
In the steps above, you have captured the reaction to the incident. Now let's look at the response. Some incidents will require data, systems and/or services to be restored or repaired, and others will require local authorities or regulators to be informed. You now need to:
6. Ensure that you have a robust method for categorising incidents and understand when an incident needs to be reported, and to whom (data protection, local authorities etc.)
7. Review business continuity plans and disaster recovery plans to ensure they are aligned. Any areas where your disaster recovery plan does not align with the business continuity plan need to be addressed.
8. Test the disaster recovery plans to ensure that you can restore data and repair systems or services in a timely manner (remember that a lack of availability of personal information is, in some circumstances, a reportable breach). Test that the business continuity plans cover any downtime of services.
9. Put a policy and procedure in place to ensure that all incidents and their responses are reviewed in order to identify areas of the process that need further review or rectification. Lessons learned will provide efficiency and will ensure that any ambiguity, or areas where users were unsure of what to do, are addressed.
9ine’s Incident Management software empowers you with a dependable, self-governed framework to proactively manage an incident and protect the best interests of your staff, students and reputation. It provides you with a visual representation of risk, making it exponentially quicker for you to understand who is impacted and what's at stake. 9ine’s platform is designed to avoid ambiguity so you can quickly and categorically assess if an incident constitutes a breach, its scale and if it’s reportable. Unlike other platforms that leave you in the deep end, with Incident Management you have the tools to also record and implement a successful recovery plan. Use 9ine’s integrated Incident Management and Task Management tools to confidently manage an incident without having to rely on costly external consultancy. Create and assign tasks, notify internal stakeholders and recover from an incident quicker and more successfully than ever before. Start your free trial today.
ABOUT THE AUTHOR:
Dan Cleworth has worked in education for over 20 years. He is a Senior Technical Consultant and certified GDPR practitioner. Dan heads up 9ine's cyber security team and currently works with schools in the UK, Europe and the Middle East to evaluate and secure systems and services to meet data protection and cyber security compliance.