As Chief Information Security Officer at Education Horizons, and over my career in the education sector, I’ve witnessed the ever-growing challenges schools face in maintaining the security of their most sensitive information. On Thursday, 22 February 2024 I delivered a webinar on the Fundamentals of school cyber security as part of our School Leadership Series 2024.

In this blog I provide a high-level outline of the ground we cover in that webinar, drawing on my experiences as a school IT practitioner, consultant, and now, as a CISO.

Tackling the Challenge of School Cyber-Security

I’ve had the privilege of working with schools at all stages of their security journey, which has given me a unique perspective on the types of information security challenges schools deal with on a daily basis. There are so many threats that schools face today. Likewise, there is a plethora of tools and processes available to help combat those threats.

Often it can be really difficult for school leaders to cut through this complexity, making it hard to put the right foundations in place and maintain focus on their most important security priorities. This might sound easy – but perceived complexity is often the biggest challenge when it comes to school cyber-security.

In an era where securing sensitive school data is both more vital and more challenging than ever, my team and I have developed a framework to bring clarity and order to this complex task. We are delighted to share this overview with you here, and to go into more detail at our recent webinar.

Essential Disciplines for School Data Security

At the outset it is essential to remember that cyber-security is as much a cultural challenge as a technical one.

No single technology or process will keep your data 100 per cent safe. Unless everyone is pulling in the same direction, you will always be more vulnerable than you need to be. This means the central goal of cyber-security work should be to build a cyber-security culture, where everyone knows their role and feels confident translating high-level intentions into action.

Let’s explore the eight key disciplines crucial for shaping a robust data-security culture and approach, which we delve into in our webinar:

  1. Know the information you are trying to protect:
    • Understanding how data flows within your school
    • Using data mapping models to identify vulnerabilities and protection options
  2. Security Risk Management:
    • Defining your school’s risk appetite
    • Prioritising risks and exploring strategies to respond
  3. Alignment and Buy-in:
    • The importance of Board and Senior Leadership Team alignment
    • Fostering a shared understanding of cyber-security risks and approach
  4. Accountabilities:
    • Establishing formal accountabilities for information security
    • Ensuring clear roles for IT, administration, finance, SLT, and Board
    • Ensuring unbiased strategic analysis and decision-making
  5. Policies:
    • Evaluating the effectiveness of policies in shaping behaviour
    • Creating and reviewing your policies
  6. Procedures:
    • Aligning policies with on-ground practices
    • Emphasising change management for successful implementation
  7. Training and Awareness:
    • Prioritising learning and development in cyber-security
    • Implementing the right type of training for impact
  8. External Support and Validation:
    • Considering the role and value of external support and validation

Empowering School Leaders for Cyber-Security Success

Navigating the intricacies of school cyber-security requires a strategic and comprehensive approach. My goal in our recent webinar is to provide you with a framework that not only helps you understand your current cyber-security posture but also guides you in prioritising your efforts going forward.

Please watch this short (25 minute) high-impact webinar – and let’s work together to make cyber-security an integral part of your school’s culture.

Stay secure!

Daryll Holland, CISO
Education Horizons