CyberSmart has become an official supplier on G-Cloud 11, a major government procurement framework. 

G-Cloud, created in 2014 by the Crown Commercial Service and Government Digital Service, makes government procurement easier, transparent and much more efficient, reducing the usual lengthy procurement processes from weeks/months down to days. It is straightforward and well guided.

After making it through a rigorous tender process, which ensured our products and services fit in with the needs of G-Cloud, we were confirmed as a supplier from July 2019, ensuring cybersecurity compliance and assurance are easily accessible to everyone on the framework.

The framework allows the central government, local authorities, NHS Trusts, Ministry of Defense and other public sector bodies (including agencies and arm’s length bodies) to access a central website and purchase cloud-based services. 

With CyberSmart Active Protect in G-Cloud 11, the tools are in place to ensure full cybersecurity compliance and assurance in public sector bodies and meet recognised cybersecurity standards across full organisations. 

From ensuring all devices are continuously compliant; to achieving certifications, often on the same day, such as Cyber Essentials, Cyber Essentials Plus or IASME GDPR Ready, the opportunity is now clear and much faster than before.

Jamie Ahktar, CyberSmart’s CEO said: “ Cybersecurity in the public sector is a matter of great concern, so we are happy to be able to provide our innovative platform and products, to support and safeguard key British organisations. Being included in G-Cloud 11 is yet another endorsement of CyberSmart’s platform, and is testament to our already successful and growing relationship with the public sector.”

Can you purchase via G-Cloud 11? See here for government guidance or contact us.

As you probably know already, schools and universities are not immune to attacks from disgruntled employees or other insiders. However, there is another key issue for school leadership teams that is unique to the education sector: students!

Students are often more digitally aware than most teachers and other school employees. This can lead to new digital platforms being introduced into the school environment without staff being made aware.  This insider threat to schools from students is not malicious; instead, it’s an issue of negligence in some cases or lack of awareness in other.

While students and teenagers may be tech savvy, they’re not often very security conscious. The consequences of exposing the school network to a data breach or cyber attack is often not properly understood. They are also not legally culpable for any actions that might result in a breach, so there is less of an incentive to take responsibility.

Adults are also potential insider threats; a teacher may bring a corrupted USB stick into school with their learning resources, or school admin staff may open and respond to a phishing email without understanding what it is. This is why schools must keep on top of their security policies and enforce them across the whole school community.

Awareness Of The Threat Landscape

The general lack of awareness about the types of attack a school network may be subjected to, what they look like, and where they come from is a major problem for the school as a whole.

All parties – IT departments, network managers, teachers, school employees and students – must be made aware of the threat landscape with relevance to their internet and network usage. Regular training should be part of the schools’ IT policy, raising awareness of the consequences of cyber attack to the school and individuals personally – which could include disciplinary actions.

Network Protection

School networks need robust defences in place to protect from threats such as malware or DDoS attacks. Antivirus, web filtering, firewall, device encryption, mobile data management and penetration testing should all be updated regularly and reviewed to keep pace with new threats and technologies.

Managing User Privileges

An effective way of limiting the potential damage an insider threat poses is to rigorously manage who has access to the network, and what they can and can’t do.

Both staff and students should only have limited access to the school’s network based on their requirements, reducing the opportunity for malicious or accidental misuse of the network. Managing user accounts should also include regularly reviewing what access individuals require, blocking access to some systems if individuals no longer need them, and deleting users when they leave the school.

If you have any questions about Cyber Security in general or just want to have a chat, drop us a line at hello@cybersmart.co.uk

Protecting your data and organisation is hard work — let us help you make it easier.