• Contact Us

Cyber Security in the Education Sector

on Wednesday, 21 April 2021.

The National Cyber Security Centre (NCSC) has recently issued an alert to the education sector regarding the increase in targeted cyber-attacks.

Sophisticated attacks targeted specifically at education institutions such as schools and colleges have in recent weeks seen several large education providers affected.

For detailed information on the NCSC's alert, visit their website.

Tips to Boost Your School's Cyber Security

The NCSC website has a lot of practical guidance on cyber-security. The NCSC's 10 Steps to Cyber Security is a good starting point. The 10 Steps focus on incident management, malware prevention and managing user privileges.

Additionally, the Department for Media, Culture and Sport has conducted an annual cyber security breaches survey, which contains an annex specifically about education institutions. This has found that the weakest areas for education respondents out of the 10 Steps are user education and awareness (eg staff training).

To reduce the risk of and safeguard against phishing and ransomware attacks, schools should consider raising staff awareness, particularly in light of the fact that training was the area where the schools surveyed appear to be the weakest.

If your school does not already provide cyber security training and guidance for staff then implementing this should be a high priority. Cyber security training should be provided as part of wider staff data protection training. If it has been a few years since your last staff training (and many schools may not have refreshed on this since the GDPR was implemented) then we suggest carrying out refresher training, as well as reviewing policies and procedures to support the training.

VWV Plus - Data Protection eLearning

Another key safeguard schools can put in place is having a plan for an attack, including thinking about your procedures for detecting and responding in the event of attack. Identifying key members of staff to take ownership of the response process, and ensuring that all staff are aware of who they are, can assist in timely detection and action.

A resource which may be of assistance with this is the NCSC guidance on mitigating malware and ransomware. According to the NCSC, key areas which attackers regularly exploit are:

  • weak passwords
  • lack of multi-factor authentication
  • unpatched vulnerabilities in software.

School Cyber Security  - Key Takeaways

The key here is for your school to ensure that it has both organisational and technical measures in place to safeguard against cyber-attacks. Organisational measures will include the training (mentioned above) and ongoing guidance that staff can refer to. Technical measures are things such as having back-ups in place and secure firewalls which are up-to-date.

When assessing whether an organisation is in breach of the UK GDPR information security principles, as part of an investigation, the ICO will often have regard to the NCSC guidance.

For specialist legal advice on data protection in your school, please contact Bronwen Jones in our Data Protection & Information Law team on 07818 018215, or complete the form below.

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input