Schools are not immune to the threats of cyber-attack, data theft, unauthorised access or IT failure.
- The types of data handled by schools, such as medical records, passport numbers and parent financial information, can be attractive to criminals.
- There is usually a wide range of entry points to your systems for staff, pupils and parents, some of which may not be protected.
- Many schools have IT systems that are 'decentralised' out of necessity, which in itself creates security control issues.
- Wi-Fi networks accessed by large numbers of people are an easy entry point for criminals.
Instilling a culture of secure systems and procedures and recognising threats is vitally important in minimising the risks. In recent years insurance covers have become available and examples of the covers are shown below to highlight the potential impact of system failures, misuse or attacks.
Privacy notification costs
Provides the legal costs, including postage and advertising, incurred by the school in notifying parents and fee payers that a network or privacy breach has occurred, which might compromise their data.
This covers the school for claims against them of defamation, libel and slander, and unintentional infringement of intellectual property rights such as copyright, plagiarism or piracy.
Network security and privacy liability
Covers the liability of the school should it fail to prevent the transmission of a virus, or a denial of service attack to another network, or destroy data that has been entrusted to them by a third party, or fail to prevent the unauthorised disclosure of confidential information.
Credit assistance expenses
Fees incurred by the school in the procurement of professional credit monitoring services or identity theft assistance for individuals affected by a network or privacy breach.
Crisis management expenses
Expenses incurred by the school for legal and professional advice for media strategy, crisis consulting and independent public relations services following a breach.
Costs incurred for specialist forensic auditors or investigators to conduct a review or audit to substantiate how the breach occurred.
Electronic data rectification expenses
Reasonable costs and expenses incurred to repair or restore your computer system to the standard immediately before it was damaged or destroyed by a network security breach.
Covers the school for extortion demands where there is a credible threat to destroy your computer system or website, or a threat to introduce malicious code or a denial of service attack.
Cyber business interruption
Protects the school against loss of business income following a network security breach that results in total or partial interruption to your computer system.
PCI fines and penalties
Payment Card Industry (PCI) fines or penalties arising from a network or privacy breach due to non-compliance with Payment Card Industry Data Security Standards.
If you would like to discuss any of the points further, please contact Heather Wheelhouse, or your usual RSM adviser.