Over the past six months, the National Cyber Security Centre (NCSC) made two of its cyber security services available to all colleges and at no charge. Around a third of colleges have taken up the offer so far and we’d love to get that figure higher.
Perhaps unsurprisingly, take-up from universities has been much faster with nearly 60% of them now using of one or both tools. We know that universities usually have much bigger IT departments and budgets, but the vulnerabilities these tools address affect FE just as much HE. And on the issue of budgets, did we mention that these tools are free of charge?
To help us to help colleges improve their cyber security we’re asking college leaders to talk to their IT teams to see whether their institution is one of the 30% of early adopters making use of these tool.
If they aren’t then it’s worth pointing them in the direction of our website where they can find out more about what’s on offer to help with cyber resilience and how to sign up.
The tools on offer are:
- Web Check, which scans institutions’ websites to check for common security vulnerabilities and gives advice on how to address the most important of these. This is important because cyber criminals exploit website vulnerabilities to gain access to an organisation’s network and data. Web Check is easy to set up and once you’re up and running, the tool will regularly check your domain(s) and inform you of any problems. One new user recently told “It was really helpful to have an authoritative 3rd party resource to evaluate our website security. Also the recommendations were really easy to follow.”
- Mail Check which helps in the fight against phishing. Specifically, it helps your team set up anti-spoofing controls to stop attackers sending fake emails (to students, parents etc.) pretending to be from your organisation. These controls can also help reduce your legitimate emails going into spam folders. Mail Check is also quick to set up. Addressing the feedback it provides can be done gradually, making changes and monitoring over a few months. The Mail Check tool provides guidance throughout and our team can be contacted for further assistance. “Many thanks for that meeting just now. Learnt more in 40 minutes about DMARC and email security in general than I have in a couple of years. Really appreciate your time and effort” is what one university IT manager told us.
The National Cyber Security Centre (NCSC) is part of GCHQ and was set up in 2016 as the UK’s technical authority on cyber security. Our mission is to make the UK the safest place to live and work online. Part of the way we do this is by working closely with specific parts of the economy and society, including the education sector.
We’ve got lots of advice and resources to help colleges, including the Cyber Security Toolkit for Boards which can help senior leaders and governors get to grips with cyber security at a strategic level, and Exercise in a Box. This helps organisations test their preparedness to deal with common cyber incidents, giving them feedback on how to improve their resilience. Do see our website for more information.
Hannah H is Colleges Engagement Lead, NCSC