-
DfE cyber security standards assessment and gap analysis
-
Cyber Essentials certification support
-
Network security audits and vulnerability assessments
-
Multi-factor authentication implementation
-
Secure backup solutions (GDPR-compliant, 256-bit encrypted)
-
Filtering and monitoring configuration (KCSIE-compliant)
-
Staff cyber awareness guidance
-
Incident response planning
The UK Government's own surveys show that 60% of secondary schools and 44% of primary schools reported a cyber security incident in the past year alone. Schools are a prime target — and most are not as protected as they think. Smoothwall
DCAD helps schools and trusts across Hertfordshire and Essex understand exactly where they stand against the DfE standards, close the gaps and achieve the certifications that demonstrate genuine protection.
Schools and colleges in England are required to meet the Department for Education's cyber security standards — and the bar is rising every year. A cyber incident in a school isn't just an IT problem. It can mean sensitive pupil and staff data exposed, weeks of disruption to teaching, reputational damage and serious questions from governors, trustees and OFSTED.
What the DfE Cyber Security Standards Require
1. Risk Assessment Identify and document your school's cyber risks. Know what data you hold, where it lives and what would happen if it were compromised.
2. Staff Training & Awareness All staff — not just IT — must understand their role in keeping the school secure. Phishing, social engineering and password hygiene are the most common attack vectors in schools.
3. Firewalls & Anti-Malware Your network perimeter must be protected. Firewalls need to be correctly configured, kept up to date and actively monitored.
4. Access Control Accounts should only have the access they require to perform their role, and should be authenticated to access data and services. Accounts with access to personal or sensitive data must be protected by multi-factor authentication. NASUWT
5. Patch Management & Licensing Software and operating systems must be kept up to date. Unpatched systems are one of the leading causes of successful attacks on schools.
6. Data Backup Schools must have reliable, tested backups in place — stored separately from live systems — so that a ransomware attack or hardware failure doesn't mean permanent data loss.
7. Incident Response Planning If the worst happens, your school needs a clear, documented plan. Who does what, who do you call, and how do you keep teaching going while systems are restored?
Why Schools Fail the Standards
and How We Fix It
The most common reason schools fall short isn't lack of effort — it's that they're relying on IT support that doesn't specialise in education. The DfE standards exist specifically for school environments. A generalist IT provider maintaining business networks has no reason to understand them.
At DCAD, every school we work with is assessed against the full DfE cyber security framework. We identify the gaps, prioritise the fixes and implement the right controls — without overcomplicating it or overcharging for it.
We work with schools and trusts of all sizes, from small nurseries with a handful of devices to multi-academy trusts managing infrastructure across multiple sites. The risks are real at every level.
What dcad ltd Does Differently
Plenty of IT companies offer cyber security services. Very few specialise exclusively in education. That distinction matters more than it might seem.
School networks have unique characteristics — MIS systems, safeguarding software, shared pupil devices, staff BYOD, parental communication platforms, remote access for governors — that create a very different risk profile to a business network. Understanding those risks, and knowing how the DfE and KCSIE requirements interact with your technical environment, requires genuine education sector expertise.
DCAD has been working exclusively with schools, academies and trusts across Hertfordshire and Essex since 2003. When you call us, you speak to Darren or Martin — not a first-line helpdesk operative reading from a script. We know your environment, we understand your compliance obligations, and we give you straight answers.
More Services
