Cyber Essentials for Education
Cyber Essentials is a certification scheme endorsed by the UK government that helps schools to remain protected from cyberattacks.
Get in touchCroft partners with a leading cyber security provider to make certification simple and accessible for schools, colleges, and universities. We help your educational institution stay secure in an evolving threat landscape by protecting access and devices while improving cyber security awareness.
Recently there has been a rise in the number of cyberattacks on education providers, including schools, colleges, and universities. This spike is mainly due to the amount of sensitive data stored and inadequate IT security, plus schools also have a large number of users. As a result, without a Cyber Essentials for education certification, they are prime targets for threats such as phishing and ransomware. It just takes one wrong click on a malicious link, and your network could be breached.
This has prompted the NCSC to advise the education sector to be better protected from such threats. The effects of a data breach resulting from an attack can be devastating and long-lasting. A recent survey found a third of schools who suffered a breach lost complete control of their systems, data or money.¹
Becoming Cyber Essentials certified is a simple and cost-effective way to improve cyber security. Adhering to these guidelines has been shown to help guard organisations from 98.5% of common cybersecurity threats.² For this reason, the Education and Skills Funding Agency (ESFA) requires education providers to have a Cyber Essentials Plus certification to access funding. Cyber Essentials also helps support compliance with the General Data Protection Regulation (GDPR).
Completing the certification not only means you meet regulations, but it’s an initial step towards creating a cybersecure culture in your school, college, or university. This will help to raise awareness and encourage users to be careful when handling digital devices or data. Working together we can fully protect your school from cyber threats and their devastating effects.
Want to protect your school, college, or university? Talk to one of our Cyber Essentials experts today!
You are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationBenefits of Cyber Essentials for Education
Cyber Security Protection
Helps to reduce the risk of widespread cyberattacks, including phishing, malware, and ransomware, by applying five key security controls: secure configuration, user access control, malware protection, and patch management. This will improve your response and recovery times.
Advantages for Your Institution
Builds trust with students, parents, and staff by showing a commitment to protecting sensitive data, while strengthening credibility with education partners and suppliers. Cyber Essentials also includes AIG’s First Response Service for incident support.
Operational Improvements
Improve student and staff awareness and cyber hygiene while simplifying IT practices, standardising secure configurations, and supporting compliance with GDPR and other regulations.
Financial Incentives
Helps to reduce the likelihood and cost of cyber insurance claims; automatic cyber liability insurance is also included.
Strategic Value
Ensuring you pass the annual assessments ensures ongoing security against modern threats and shows commitment to students, parents, and staff.
Cyber Essentials Certification for Education
The initial Cyber Essentials certification is based on a self-assessment process. Your school, college, or university will need to complete a comprehensive questionnaire that covers core elements of your IT ecosystem, including the extent of the assessment, staff roles, devices that you use, and site locations.
The Cyber Essentials questionnaire will also assess how you have implemented the five core controls. When your team has completed this, the responses are reviewed by a senior board member before being appraised by an independent assessor.
The five core controls of Cyber Essentials are:
1. Firewall
A firewall and appropriate controls are in place to ensure you have a secure internet connection.
2. Secure Configuration
Endpoint and cloud configurations are in alignment with best practices.
3. User Access Controls
Assess identity and access management within the school’s Microsoft 365 environment.
4. Malware Protection
Evaluate how devices are deployed, protected, and managed across the school.
5. Security Update Management
Identify any missing security updates and unsupported systems within the school environment.
Croft’s Cyber Essentials for Education Certification Package Includes:
-
1× Cyber Essentials Certification – achievable within any 12-month period
-
Unlimited assessment submissions – at no extra cost
-
Assessment and Security Portal – secure cloud-based platform
-
Smart Policies – pre-built policy templates for user distribution and agreement
-
Active Protect – review of device configurations and security settings
-
Croft Professional Services – step-by-step guidance and support for certification
-
Remediation Time – allocated time to help address any failed controls
Plus Cyber Insurance with £100k GBP Aggregate Limit
-
Free with Cyber Essentials certification
-
Cyber insurance – provides robust coverage in the event of a cyberattack
-
24/7/365 AIG response service
-
Coverage includes:
-
Security and privacy liability
-
Cyber extortion and network interruption
-
-
48-hour free AIG First Response Service
Cyber Essentials Plus Certification for Education
Cyber Essentials Plus further extends the framework of Cyber Essentials by also assessing your existing IT ecosystem. Your school, college, or university will need to complete the initial Cyber Essentials self-assessment before advancing to this level.
Both certifications are based on the same key security controls, but Cyber Essentials Plus provides a more robust level of impartial review. During the assessment an accredited professional will test your IT environment to ensure you have effective security controls in place.
This evaluation will check staff and student devices, internet-facing gateways, and any servers that deliver online services. This will provide your educational institution with a comprehensive evaluation of its cyber security posture.
1. Meet the Requirements of Cyber Essentials for Education
Show that your school has put in place the five technical controls required by Cyber Essentials as outlined above.
2. Independent Technical Audit
Unlike the standard Cyber Essentials, Cyber Essentials Plus involves a practical, hands-on check carried out by a qualified assessor.
3. Vulnerability Scanning
Both internal and external checks are carried out to find any outdated software or incorrect settings.
4. Device Testing
School devices are tested to make sure security settings are correct and any vulnerabilities are fixed.
5. Email and Web Browsing Tests
Simulated attacks are used to check how well the school’s systems can protect against phishing and harmful websites.
Croft’s Cyber Essentials Plus Certification for Education Package Includes:
-
1× Cyber Essentials Certification – achievable within any 12-month period
-
1× Cyber Essentials Plus Certification – to be achieved within 3 months of completing Cyber Essentials
-
Independent assessment – conducted by expert auditors
-
In-house vulnerability scanning – ensures all device checks are met
-
Unlimited assessment submissions – at no extra cost
-
Assessment and Security Portal – secure cloud-based platform
-
Smart Policies – pre-built policy templates for user distribution and agreement
-
Active Protect – review of device configurations and security settings
-
Croft Professional Services – step-by-step guidance and assistance for certification
-
Remediation Time – allocated time to help address any failed controls
Plus Cyber Insurance with £250k GBP Aggregate Limit
-
Free with Cyber Essentials certification – provides robust coverage in the event of a cyberattack
-
24/7/365 AIG response service
-
Coverage includes:
-
Security and privacy liability
-
Cyber extortion and network interruption
-
-
48-hour free AIG First Response Service
Additional work completed for Cyber Essentials Plus
-
Review all third-party software to ensure it is up-to-date on all devices and servers
-
Provide recommendations to address out-of-date software and vulnerabilities
-
Remediate out-of-date software and vulnerabilities using the allocated remediation time*
-
Review and remove unnecessary software, including older browser versions
-
Confirm all critical software (e.g., Adobe, Java, Chrome) is fully updated on all devices and servers
-
Schedule a 90-minute call with the auditor
-
Install the Qualys agent provided by the auditor
-
Attend the 90-minute call with the auditor and the designated customer contact
-
Submit the assessment questionnaire to the certification body for review and evaluation
Additional Services for Cyber Essentials for Education
Excluded Services for Cyber Essentials for Education
The following are not included in our Cyber Essentials for education packages:
-
Hardware and software upgrades
-
Any unexpected items not explicitly listed in the service description
-
Project work for implementing additional IT systems or software
-
Onsite visits unless specifically included in your quotation
-
Extra remediation time beyond what is allocated in your quotation
An education technology partner you can trust
Accreditations
Testimonials
What our education clients say
You might also be interested in ...
Education IT Support
Find out moreCloud Backup and Disaster Recovery
Find out moreDiscuss challenges. Get Solutions
Speak to one of our Cyber Essentials for education specialists about your technology challenges.
Get in touch
You are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information