15 May, 2023

DfE School Guidance – Meeting Cyber Security Standards

Is your school meeting the DfE’s Cyber Security Standards?

In May 2024, the Department for Education updated their guidance to schools regarding how to meet digital and technology standards. This standard specifies the minimum requirements for cyber security, user accounts and data protection.

The education sector is under increasing pressure to ensure the effective practice of cyber security measures. When cyber security incidents occur, they impact the day-to-day running of schools, lead to sensitive data loss and cause reputational damage.

Implementing the DfE’s Cyber Security Standards will protect your school from threats and prepare your school should a cyber security incident occur. At Tel Group, we are able to work with your school to fulfil the DfE cyber security standards.

The DfE set out 7 requirements your school needs to meet:

1. Conduct a cyber risk assessment annually and review every term 

You should work with your internal and external IT teams to action this standard. You should create a risk management process and cyber response plan to help fulfil this standard.

2. Create and implement a cyber awareness plan for students and staff 

Well-informed users are the best line of defence against cyber criminals. Many cyber incidents and attacks target common processes and human behaviours when using digital technology.  Your IT team should create a cyber awareness plan for all students and staff to access and learn.

3. Secure digital technology and data with anti-malware and a firewall

Creating and maintaining the security around your digital technology and data is a critical line of defence against a cyber incident or attack. Once a virus or hacker is in your system, they will look for a way to exploit other vulnerabilities. With sufficient anti-malware and a firewall in place, your school will be able to block this.

4. Control and secure user accounts and access privileges

Protecting user accounts and related data is a critical line of defence against cyber incidents and attacks. Following this standard will ensure personal data and digital technology are as safe and secure as they can be, and that students, staff and third parties only have access to the things they need.

5. License digital technology and keep it up to date

All digital technology must be licensed. Digital technology includes software programmes, operating systems and applications running on devices and servers, or online cloud services. This must be licensed so that you can receive updates and upgrades which enhance your use of digital technology, receive bug fixes and enhancements, and get support if you need it, where this is provided through your licence agreement.

6. Develop and implement a plan to back up your data and review this every year

Schools and colleges are now more reliant on digital technology and data being stored in different locations (such as cloud services). Not all of these will be backed up to meet the needs of the school or college (for example, cloud services will only back up your data for a limited time period), so you need to have a backup plan to meet your diverse needs.

This standard will help your school or college to recover important data and systems to continue teaching and resume normal business operations in the event of a cyber incident or attack, manage recovery of damaged or lost files, and be compliant with data protection legislation.

7. Report cyber attacks

A cyber incident or attack will often be an intentional and unauthorised attempt to access, change or damage data and digital technology. They could be made by a person, group, or organisation outside or inside the school or college. 

Everyone is responsible for reporting a cyber incident or attack to their IT support and senior leadership (SLT) digital lead.

Following this standard means that an investigation can begin immediately, which will help inform what actions a school or college needs to take to deal with an incident or attack; the damage to data and digital technology can be limited; issues can be identified and resolved quickly; and appropriate people, such as the police or IT support, can be brought in to respond to the incident or attack.

When should you meet the standards?

All standards should be implemented as soon as possible, and you should already be meeting several standards, particularly in relation to the data protection regulations. With cover for cyber security incidents now added to the threats covered by the RPA, meeting these standards will also help you comply with the conditions of your cover.

How can we help?

We are able to guide your school through these guidelines and help you implement a cyber security strategy most suitable for your school. We can help assess your school’s cyber resilience, prioritise critical risks, back up your data, provide assurance and achieve network security.

When your school is ready to enhance your network and adhere to DfE standards, Tel Group will be here to guide you through it.

The DfE set out eleven categories your school needs to meet: