Although the video is from 2021, the information and lessons learned from it are very pertinent. The CEO of the Harris Federation explains how they were attacked on a Friday evening and how they managed the attack and the subsequent recovery. The DfE Digital Standards for schools and colleges says that anyone that has access to the school network should have cyber security training annually, and this video is great for covering that remit.
He explains that had data retention for the organisation been better, the recovery might have been easier. He talks about all of the systems that were down and relied on the availability of the network, including the electric gates.
There is no doubt, that suffering a cyber attack can be devastating for an organisation however ready you might feel you are and however cyber resilient that you are.
Remember that if you suffer a cyber attack, you must report it to the ICO and there are other requirements depending on whether you are a school or a MAT.
Working your way through our checklists, like the Information/Cyber Security one can start to give you an idea of where your organisation is with cyber resilience. We would also recommend taking a look a the DfE Digital Standard for Cyber Security, which is the largest document in the set of documents. Governors or trustees should also consider assigning a digital link role within the governing body or board of trustees as well as assigning someone in SLT to be the SLT digital lead. Watch our short video about getting started with the DfE Digital Standards:
What to do in the event of a Cyber Attack
Tell someone! Report to IT. Report to SLT.Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT
If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.
Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email
These incidents should also be reported to the DfE sector cyber team at
Academy trusts have to report these attacks to ESFA.
Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.
Always ensure there are backups you can restore from. Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to