Meeting Cyber Security cover for School Risk Protection Arrangement (RPA) - CYBER INSURANCE IN SCHOOLS
SCHOOLS ARE FALLING FOUL OF CYBER SECURITY WHEN RENEWING THEIR SCHOOL RISK PROTECTION ARRANGEMENT (RPA) LEAVING THEM EXPOSED TO MAJOR RISKS.
Unfortunately, we have recently seen many schools having problems with their Cyber Security cover for their School Risk Protection Arrangement (RPA) or Cyber Insurance.
Many schools do not understand their legal requirements and often do not follow best practices. Schools are now being refused Cyber Insurance, leaving them open to significant risk.
CyberAwake has constructed information to help you ensure that your school gets covered, follows good practice and understands the legal ramifications of non-compliance.
Our 5 Point guide explains the five most common problems we see in schools.
1/ Utilise Offline Encrypted Backups
Because of the large amount of data they store, schools have traditionally backed up to servers on the school premises, as these offer the most rapid recovery.
However, we are finding some insurance companies are no longer accepting this. Modern Malware could affect all of the servers and also the backup within the school.
Schools should incorporate offline backups outside their school in their backup and DR Strategies; this offline data must be appropriate, encrypted and in the cloud or on physical devices like tapes or portable hard drives.
What about the Cloud?
Data on Microsoft 365 is on the cloud and incorporates some disaster recovery features out of the box. However, it doesn’t have an offline backup of your data. You are at risk if you synchronise files between your school computer and the cloud. You should implement a cloud-based Microsoft 365 backup system.
If you have 3rd party cloud systems, you will need to consider them independently and ensure they store your data in a GDPR region datacentre and keep it encrypted at rest.
2/ All School Employees and Governors must have undertaken training in Cyber Security Awareness.
Ideally, on your next staff INSET days or after school, a Cyber Security Expert with expert Schools knowledge should train your team. Our training courses are remote trainer-led or onsite with a mixture of our online course content.
Your team should be trained in the specific Schools course published by the National Cyber Security Centre. There is also a certificate of completion.
We have a video link you can watch for training reinforcement or personal learning.
Your ICO Officer (see below) and some members of your SLT should also undertake an enhanced online learning course.
3/ Register your school with the ICO.
The Information Commissioner's Office (ICO) is a government body that keeps a register of organisations and their data. Your nominated school ICO officer should have the training to understand your legal requirements.
All schools should be registered with the ICO. As you process data digitally, there is also a legal requirement to monitor and actively keep the ICO updated on what sort of data you are storing, how you use it, and, most importantly, how you destroy data.
There is an annual fee for ICO registration.
You cannot use digital CCTV recordings as legal evidence unless you have registered the use with the ICO.
CyberAlarm is a Home-Office funded scheme dedicated to schools.
4/ Register with CyberAlarm
CyberAlarm is a Home-Office funded scheme which monitors for malicious Cyber Security events on your school’s IT; it even alerts your local Cyber Crime division of the Police during an attack. It facilitates full reporting and event log management.
It does require technical setup of your Microsoft 365 and On-Premises servers; you should use a CyberAlarm IT expert to implement and set up the internal components and endpoints needed to run the service.
If you are using a Local Government School WAN, for example emPSN, a specialist provider should be used for the network traversal to CyberAlarm.
5/ Cyber Response Plan & Policy must be in place.
Schools should adapt their IT Disaster Recovery Plans to include precise details of Cyber Response.
Cyber Security is a specialist role and not general IT Support. So, it would be best not to rely on your existing IT support company unless they are Cyber Security Experts; effective Cyber Response typically falls outside their contractual agreement.
You need to ensure, and prove, that they have the in-house skills to box in and contain a cyber-threat, recover your systems and do the forensic work required by the authorities.
What processes are your insurance company or governors putting into place before you admit liability?
What is the process of informing your parents and staff of a data breach?
Do you have a legal requirement to do so?
A Cyber Security Expert should work with you to write and adapt your existing policies to meet the Risk attitude and adequate recovery time of your Head and Senior Leadership Teams.
How does your school deal with a Cyber Incident?
Contact a Cyber Security Expert for Schools.
We help schools UK-wide adopt best practices in Cyber Security.
For a Free No-Obligation Consultation by a Schools Cyber Security specialist, call 01522 508089 or fill in the form for a call back.
Offices in Lincoln & Nottingham and directly connected to emPSN.