1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Hi Guest, welcome to the TES Community!

    Connect with like-minded professionals and have your say on the issues that matter to you.

    Don't forget to look at the how to guide.

    Dismiss Notice

Leadership webinar: cyber security (video and webchat)

Discussion in 'Senior Leadership Team' started by AndrewFIS, Jul 8, 2016.

  1. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    How can a school defend its IT networks and reputation against the threat of cyber attacks, either from within or without?

    As part of the TES Leadership webinar series, I’ll be putting your questions to Andrew Crowdell of independent insurance brokers BHIB.

    We will examine the key ways in which schools can protect themselves.

    Post your questions below now - and, if you can, join in our live webchat on July 26 at 4.30pm.

    Before that, you can watch a video we’ve made in which Andrew and I discuss the issues, with key advice for school leaders.

    1920x1080-leadership-video-still-v2.jpg


    To access all the videos in the TES Leadership series, plus an exclusive database of grants available to schools, become a TES Leadership subscriber.
     
  2. TES_Rosaline

    TES_Rosaline Administrator Staff Member

    Hi,

    Don't forget to submit your questions below ahead of tomorrow's webchat.

    Thank you.
     
  3. TES_Rosaline

    TES_Rosaline Administrator Staff Member

    Good afternoon and welcome to the nineteenth webchat in our series of discussions aimed at school leaders.

    In a few moments I will hand you over to Andrew, who is editor of FIS, who will be hosting this week's hour-long webchat.

    Andrew and this week's guest, leadership expert panel member Andrew Crowdell of independent insurance brokers BHIB who will be available for the next hour to answer your questions on what schools can do to improve their cyber security.

    If you have any questions please submit them below. Don't worry if we run out of time, any unanswered questions will be responded to and posted on this thread later this week.

    I'll now hand you over to Andrew.



    The content of, and information provided in, the TES Leadership webchats and their associated materials (including information posted in these forums in connection with the webchats) (the “Content”) is provided for general information purposes only. Any use you make of, or reliance you place on, the Content is entirely at your own risk. Professional or specialist advice, tailored to your specific circumstances, should always be obtained before taking (or refraining from) any action on the basis of the Content.

    Whilst TES Global and the panel of leadership experts make every effort to ensure the high quality and accuracy of the Content, TES Global and each leadership expert makes no representation or warranty (express or implied) concerning the Content. Neither TES Global nor any leadership expert will be responsible for any damage or loss related to any use of the Content.

    Neither TES Global, nor any leadership expert, seeks to restrict or exclude any liability they may have for death or personal injury arising through negligence, liability for fraud or fraudulent misrepresentation, or for any liability to the extent that, by law, it cannot be restricted or excluded.

    Please click here for full Terms and Conditions which apply to all TES Global’s websites.
     
  4. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    Hello and welcome to this webchat on cyber security in schools. Joining me are Andrew Crowdell and Andy Hall, of BHIB. For those of you following this thread, please feel free to post your query. Remember to refresh your page to see the updates as they appear.

    Thanks for joining us, Andrew and Andy.

    What are the sources and types of cyber threats to schools that most threaten them:

    • internally? and

    • externally?
     
  5. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

    Hello


    Cyber-crime is now the largest recorded offence in the UK, overtaking physical crime and costs the UK Economy in ALL sectors in excess of £27bn per year.


    Hackers prey on the knowledge that smaller organisations have lower defences than larger organisations. This makes schools very attractive to the Hackers who know exactly how to pick out the Vulnerabilities.


    Aside from crippled services, the worst outcome is the exposure of students’ personal data.

    According to the Information Commissioners office (ICO) the education sector was in the Top 4 of Sectors which suffered the most REPORTED data breaches in 2015-16.

    There are a number of Threats to schools both internally within the school and Externally by Cyber Criminals

    Internally

    • Employee error is a common Threat

    • Rogue Students. (ie Keylogger breach)
    Externally

    • System Interruption by Malware

    • Ransomware/Cyber Extortion

    • Telephone System Hacking & Scams

    • Denial of Service Attacks

    • Phishing or Spear Phishing

    • Email Fraud or Email Cloaking

    • WIFI Breaches (Wardriving)
     
  6. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    Which is more dangerous to the school's security?
     
  7. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

    All threats are dangerous to a schools security. Data security incidents in the education sector can affect the personal data of young children, which can be particularly distressing for the parents/guardians of affected pupils.
     
  8. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What are the potential financial consequences of data breaches?
     
  9. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

    It is estimated that the average cost of a Data breach, or hack is between £75,000 and £311,000 with potential costs incurred being:

    • Loss, or damage, to your digital data, or software programmes following hacker damage including cost of reconfiguring networks, security and restoring data
    • Interruption following network downtime resulting from a cyber attack.
    • Damages and expenses in defending potential third party claims following a Security Attack, or Breach
    • Regulatory fines following a data breach
    • The cost of identifying and rectifying the cause of the breach
    • Notification cost for third parties whose data has been compromised
    • Credit monitoring services
    Not only are security breaches costly financially, they are also time consuming to deal with and have the capacity to cause substantial reputational damage to your School.

    According to our Breach Calculator – the below example are the approximate costs of a data breach based upon 7500 Data records:

    • Public Relations Firm £15,623
    • Notification letter £5646
    • Identity Monitoring £9486
    • Identity Restoration £847
    • Call centre £5646
    • Regulatory fines £112,937
    • Forensics Investigation £16,470
    • Data Breach Legal Guidance £8376

      Total cost £175,034
     
  10. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What are the stats that highlight the situation in schools?
     
  11. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

    According to the ICO, The main issues for education in 2015-16 were:

    • Loss or theft of unencrypted devices - 25% of incidents.

    • Insecure webpages (including hacking incidents) – 19% of incidents.

    • Data being sent by email to an incorrect recipient – 14% of incidents.
    Please refer to the ICO Website for further information at the link below:

    https://ico.org.uk/action-weve-taken/data-security-incident-trends/
     
  12. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What are the key aspects of the Data Protection Act that school leaders should know?
     
  13. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

  14. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What are the risks of non-compliance with the Act?
     
  15. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

  16. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What are the main ways that schools can protect themselves against internal and external threats?
     
  17. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

    Schools can protect themselves by ensuring they have an Up to date IT security policy and some simple steps which could include:

    • Each user has their own personal accounts when using a computer
    • Use strong passwords (and perhaps a password manager application)
    • Set your computer and mobile devices to require a login or passcode when you switch them on and when they lock after being left for a certain period
    • Keep your operating system and key applications up to date
    • Install antivirus software and keep it up to date
    • Protect wireless networks using modern (e.g. WPA2) encryption
    • Enable a personal firewall on your PC and a router firewall.
    • encrypting your hard disks
    • Using encrypted flash memory drives.
    Other measures which may include:
    • Adopt a robust insider policy
    • Look out for threats when hiring staff.
    • Monitor employees
    Cyber Liability Insurance

    In the event of an attack or a Data Breach, A School Can protect themselves by mitigating the risk and have a Cyber Liability Insurance Policy.

    A Cyber Liability insurance policy will meet the costs to the school in Event of a Data Breach / cyber attack.

    • First Response Services, Breach Coach, forensic costs
    • Legal fees, advice and expenses
    • Reputational Protection
    • Notification Costs
    • Third Party Liability
    • Cyber Extortion. Ransom negotiator/payment
    • Network Interruption
    • Telephone Hacking
     
  18. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What are the implications for tech budgets?
     
  19. Andrew_Crowdell

    Andrew_Crowdell New commenter TES Leadership Panel Expert

    According to a recent survey by the Institute of Information Security Professionals (IISP) Cyber security budgets are generally growing across all Industries although this increase is not in line with rising threats.

    Two-thirds of members polled said security budgets have increased, while only 15% said budgets have stayed the same. However, 60% of budgets are still not keeping pace with the rise in the level of threats, and only 7% of respondents reported that security budgets were rising faster than the level of threat.

    School Tech Budgets should therefore be assessed to ensure the Budget meets the Threats which face the school.

    A Cyber Liability Insurance Policy is a good way to Transfer the risk, This allows schools to budget a known premium (or Cost) to mitigate against an unknown Risk.
     
  20. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    Is backing up data to the cloud as safe as a server?
     

Share This Page