Best Practice Update


Cyber attack on a Trust; the aftermath

The aftermath of cyber attacks on schools and multi academy trusts is rarely documented or shared, so it was refreshing to see this video made in conjunction with GovernorHub.
Although the video is from 2021, the information and lessons learned from it are very pertinent. The CEO of the Harris Federation explains how they were attacked on a Friday evening and how they managed the attack and the subsequent recovery. The DfE Digital Standards for schools and colleges say that anyone who has access to the school network should have cyber security training annually, and this video is great for covering that remit.

He explains that had data retention for the organisation been better, the recovery might have been easier.  He talks about all of the systems that were down and relied on the availability of the network, including the electric gates.

There is no doubt that suffering a cyber attack can be devastating for an organisation, however ready you might feel you are and however cyber resilient you are.

Remember that if you suffer a cyber attack, you must report it to the ICO and there are other requirements depending on whether you are a school or a MAT.



Working your way through our checklists, like the Information/Cyber Security one, can start to give you an idea of where your organisation is with cyber resilience. We would also recommend taking a look at the DfE Digital Standard for Cyber Security, which is the largest document in the set of documents. Governors or trustees should also consider assigning a digital link role within the governing body or board of trustees, as well as assigning someone in SLT to be the SLT digital lead. Watch our short video about getting started with the DfE Digital Standards:


What to do in the event of a Cyber Attack 

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass it to IT.

If you are a victim of a ransomware attack, we would recommend reporting this to Action Fraud (https://www.actionfraud.police.uk/), as well as to your data protection officer so they can advise about the data loss, or to your local police, asking for the cyber crime team, or phone 101 and ask for the cyber crime team.

Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email [email address redacted].

These incidents should also be reported to the DfE sector cyber team at [email address redacted].

Academy trusts have to report these attacks to ESFA.

Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.

Always ensure there are backups you can restore from.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to [email address redacted]. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD
