Cyber insurance for your school
Schools can insure against potential losses due to cyber-attacks, but some 'cyber add-ons' to policies give very limited cyber cover and are inadequate compared to a properly structured cyber insurance policy.
We can provide cyber insurance for your school which can include:
- Incident response costs
- Regulatory actions and investigations and court attendance costs.
- Business interruption from network downtime
- Extortion where a third party threatens to damage or release data if money is not paid to them
- Parent or third-party notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
- IT security and forensic costs
- Repair, replacement and recovery following system damage
- Cover for fines under data legislation (where legally deemed insurable)
- Crisis and media management services
- Funds transfer fraud
Cyber risk management services
In addition, our policies can provide risk management services including breach monitoring (searches the dark web for information specific to your school); building an incident response plan; and risk awareness training.
Consider paying for a full penetration test of your network, both inside and out. Penetration testing will look for weaknesses in your network, weaknesses in staff training and understanding of potential threats through phishing, weaknesses in poor update policies and patch roll outs.
At a minimum, conduct a cyber essentials assessment. If your IT department is reluctant to allow such a test, then you may already have security issues that need to be resolved.
Having the ability to restore business data quickly and easily to maintain business continuity and reduced downtime is critical. Regularly test data recovery and bare metal restores. How long do you realistically expect it to be to get your school back up and running?
The risk of cyber-attacks is greater than ever with the perpetrators using ever increasing levels of sophistication to trick users and gain access to services:
- Acknowledge your vulnerability and future responsibilities.
- Ensure that the appropriate resources are provided, and the correct training given.
- Define a proactive cyber resilience strategy to mitigate the risks, never assume you will not be targeted at some point in the future.
If you have concerns about your IT systems and lack of transparency then consider an independent IT audit to look at staffing, skills gaps, processes, backup strategy, resourcing, budgets and service delivery for both administration and teaching. Problems at this level can lead to bigger issues with the underlying IT infrastructure.