Cyber Security – Next Steps

Following on from our last series of tips for quick, free and easy wins, we will now look at a few even more effective security controls which can be implemented with some time and effort.

1 – Educate the Educators!
In the previous series we looked at one-off resources to provide awareness and guidance to your staff. When taking the next step in your security journey, think about how you can provide regular awareness, updates on latest threats and interactive exercises. This could include Phishing simulations and regular “byte sized” security content.

2 – Two is Better Than One:
Multifactor Authentication (MFA) is one of the best protections you can put in place to secure your cloud-based systems and data. It can be logistically challenging to setup in a school environment but there are a range of different approaches which can be (and should be) considered.

3 – What’s Your Policy?
Having a defined cyber security policy shows clear intention to understand and manage cyber security threats. It’s not just the end product but the process of developing your policy which will be valuable in improving you security posture.

4 – Back it Up, Back it Up!
In the event that attackers do gain access to your systems or files, it is imperative that you have backups in place to avoid widespread data loss. This backup should follow the 3-2-1 principle, with 3 copies of your data, on 2 different mediums, with one “offline” copy kept separate from your live environment.

5 – Stop the Sticks:
USB sticks and external drives are in common use across schools but these devices can inadvertently harbour viruses and piggy back them into the school’s network and past the external defences. There should be sufficient file storage and transfer solutions in place such that USB storage can be disabled without causing too many issues to staff.

6 – Keep an Eye Out:
Part of cyber security management is considering scenarios whereby attackers have already accessed your systems. While often needing to make a trade off between system costs and management overheads, you should consider what monitoring and logging you have on your network to detect unusual and malicious activity. There are generally features and modules to deliver this across email, backup and network monitoring systems. There are also dedicated tools which focus on this task specifically.

Hopefully you found this blog and series of posts useful and informative.