Best Practice Update

    You are here:  
  1. Home
  2. Best Practice Update
  3. Cyber Attack on a School
Cyber Attack on a School
Best Practice Updates

Cyber Attack on a School

The Misbourne School in Great Missenden had to partially shutdown in January due to a cyber attack.  The attack significantly affected its infrastructure and operations.
The school advised that the ransomware attack was of international origin which encrypted and locked down their servers and network and left them unable to use the internet affecting critical systems used in daily operations.

The school did report the breach to the ICO and the National Cyber Security Centre.  Unusually, the school published a detailed update on their own school website which detailed the attack and what they had done to try to determine whether staff, families and students data was affected.  They also gave a dedicated email address to contact with any questions about the attack:

The Misbourne

The school also goes on to answer further questions and give further advice and support about the attack.

A cyber attack can be devastating to a school, not just in loss of data, but in the time and funds it takes to get back up and running.  In this instance, the school has done a fantastic job in the way it has communicated information to those individuals whose data it holds and we wish them well in their recovery.

We can provide help and support around cyber resilience and cyber security, which includes a Best Practice Area and Checklists.

Answer a sample Information/Cyber Security checklist question:

Have staff completed cyber security training?

Invalid Input

Amazing, you have ticked off an important item on the Information and Cyber Security checklist.  Staff should have cyber security training annually if they have access to the network.  This should also include training and awareness about passwords, data breaches and information security.
For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..



As a controller you are responsible for keeping any personal data safe that you collected.  Raising cyber security awareness is part of keeping personal data and systems safe.  The DfE Digital Standards for School and Colleges advises that all staff that have access to the network should have annual training. This should include a designated governor.  The NCSC provides free School Staff Training.  Further free training is highlighted in this article: Free Cyber Training for Staff

Harry the Hacker loves to take data that isn't protected!

 

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice. 

 

Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.


What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Action Fraud on 0300 123 2040, or the Action Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

m.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD


©2025 Data Protection Education Ltd.

Search

  • News