Cyber security certifications in schools

Technology in education has evolved over the last few years as students and teachers navigate remote learning. With this shift, cyber security threats have evolved too, requiring schools to adapt to ever-changing requirements to keep devices safe. The “Cyber Essentials in Education” e-book walks you through what cyber security looks like in schools, and how the Cyber Essentials certification can ensure your students and teachers are protected from security threats.

Getting started

So where to begin? Your IT and security team, if available, can provide support and maintenance for any implemented security measures. In terms of what devices to use, Apple’s devotion to innate security and user privacy makes them an excellent choice for a secure platform. And Jamf provides Jamf School, an easy-to-learn device management powerful enough to manage your devices, configure security settings and integrate with a variety of third-party software.

Additionally, you can utilize certification partners that help you establish a secure infrastructure while demonstrating your institution’s commitment to cyber security. This e-book discusses the Cyber Essentials certification supported by the UK’s National Cyber Security Centre.

The times, they are a-changin’

Gone are the days when few bad actors had Mac in their sights. Apple’s gain in popularity means more malware authors are targeting macOS. Jamf Threat Labs, the security and research sector of Jamf, watches for and studies threats affecting macOS and iOS-based users. By gathering relevant data, we can determine attack trends and incorporate protection into Jamf solutions.

With the pandemic came the imperative change into remote learning. This required educational institutions to adapt or overhaul their technology infrastructure, potentially creating vulnerabilities open to attack. Classrooms started utilizing more mobile devices like the iPad; the increase in the number of devices also means an increase in endpoints open for potential attack. Mobile devices also require a different security strategy than institutions may be used to using. Attackers took advantage of this with aggressive phishing campaigns and by using cloud-based storage services to gain unauthorized access to sensitive data.

In fact, the last year showed these security trends (among others mentioned in the e-book):

• Malware installations on remote devices doubled.
• Risky device configurations negatively impacted 1/5 of organizations.
• Compromised devices accessing collaboration apps increased from 34% to 64%

Taking these trends into account, what can we implement to mitigate our risk of attack?

10 basic security controls

The e-book expands on these 10 basic security controls as recommended by Cyber Essentials and Jamf.

• Firewalls
• Secure configuration
• Access control
• Malware protection
• Patch management
• Identity provision (IdP)
• Zero trust network access (ZTNA)
• Machine learning
• Mobile threat defense (MTD)
• Regulation compliance

Cyber Essentials

The UK’s GDPR website defines Cyber Essentials as a “UK government scheme supported by the NCSC (National Cyber Security Centre), and is intended to help organsations of any size demonstrate their commitment to cyber security, while keeping the approach simple and the costs low.” The NCSC touts that implementing these five key controls can provide protection from 80% of cyber attacks: Firewalls, secure configuration, access control, malware protection and patch management. These controls also minimize any attack impact if the device is compromised, reducing the time to remediate a device and return it to the student or teacher.

There are two tiers to the Cyber Essentials certification. Both require completing a self-assessment questionnaire (SAQ) to show that the five aforementioned security controls have been implemented. For the second tier, Cyber Essentials Plus, a hands-on technical verification is required. Educational institutions may also take a free readiness assessment to understand whether their devices and networks are ready for a Cyber Essentials certificate.