Cyber Essentials: This foundational certification focuses on five key technical controls:
- Firewalls: Securing internet connections.
- Secure Configuration: Ensuring systems are set up securely.
- User Access Control: Managing who has access to data and services.
- Malware Protection: Protecting against viruses and other malicious software.
- Patch Management: Keeping devices and software up to date.
Achieving Cyber Essentials demonstrates a commitment to basic cyber hygiene and significantly reduces risk.
NCSC: About Cyber Essentials
Updated Cyber Essentials by IASME
Cyber Essentials Plus: This is a more rigorous, audited version of Cyber Essentials. While Cyber Essentials relies on self-assessment, Cyber Essentials Plus involves a hands-on technical verification carried out by an independent third party, providing a higher level of assurance.
DfE Digital Standards for Schools: Recognising the unique challenges faced by educational institutions, the Department for Education has developed specific digital standards. These build upon the principles of Cyber Essentials, providing tailored guidance on areas like:
- Data Protection: Handling sensitive student and staff data securely.
- Network Design: Segmenting school networks for better security.
- Software Licensing: Ensuring legitimate and supported software.
- Staff Training: Emphasising specific awareness needs for the education sector.
- Cloud Security: Guidance on securely using cloud services.
Cyber Assessment Framework
The Cyber Assessment Framework (CAF) is cyber security guidance for organisations that play a vital role in day-to-day life in the UK, and organisations should look to it as a set of guidelines for helping keep data safe.
The CAF is a tool to help organisations assess and improve their cyber security and resilience, managing cyber risks and protecting essential services from cyber threats.
The CAF is primarily designed for organisations operating essential services, in sectors such as energy, healthcare, transport, digital infrastructure and government - this includes schools and colleges.
The CAF collection is for all organisations that are responsible for securing critical network and information systems that keep our businesses, citizens and public services protected.
The CAF collection is aimed at helping an organisation achieve and demonstrate an appropriate level of cyber resilience in relation to certain specified essential functions performed by that organisation.

The categories in the Cyber Assessment Framework are covered in detail in our article: The NCSC Cyber Assessment Framework.
Why pursue these standards?
- Enhanced Security: They provide a structured framework for implementing robust cybersecurity controls.
- Reduced Risk: Adherence to these standards significantly reduces vulnerability to common cyberattacks.
- Reputation and Trust: Achieving certifications demonstrates a commitment to protecting data, building trust with parents, staff, and partners.
- Compliance: Helps meet regulatory requirements for data protection. Six of the DfE Digital Standards are now statutory and schools and colleges should look to comply by 2030.
- Eligibility: Often a requirement for government contracts or grants.
DfE Digital Standards
DPE's DfE Digital Standards Tracker
The path to Cyber Essentials, Cyber Essentials Plus, and DfE Digital Standards is a strategic investment in an organisation's resilience. It transforms cybersecurity from a reactive measure into a proactive, integral part of operations, safeguarding the future of education and all digital endeavours. Let the lessons of Cyber Security Awareness Month guide your continuous improvement journey!
💡Today's Cyber Tip: Commit to One New Cyber Habit!
As the month ends, commit to adopting one new cybersecurity habit you've learned this month (e.g., always using MFA, checking for updates weekly, using a password manager) and make it a permanent part of your routine.