- Where possible have some logging and monitoring software in place that will alert someone should your network come under attack. Design systems to they are able to detect and investigate incidents.
- Ensure your systems are as up to date as they can be, so they are not open to known vulnerabilities.
- Ensure there is a backup should the worst happen.
- Ensure that any remote access is locked down to only those that really need it and done in a secure way.
- If any devices belonging to the organisation are taken home, ensure that they are tracked via Asset Management and have the appropriate filtering and monitoring in place.
- Ensure that all staff know what to do if they suspect a cyber incident has taken place. Make staff aware of how they might contact the right person in your organisation.
- Ensure your Cyber Incident Response Plan is up to date.
- Remind everyone about the use of strong passwords and use MFA where possible.
- Ensure staff are aware there may be increased phishing emails over the next few weeks.
- If any employees or students are leaving at the end of term, ensure their accounts are terminated in the correct time frame.
Review our other Guidance for Schools and Data Protection about taking photos for special events: Guarding Festive Moments: Navigating Privacy at the End of Term and Christmas
Review physical security of the building: document DPE Model Physical Security Policy (179 KB)
Remember the cyber criminals will not be taking a holiday!
What to do in the event of a Cyber Attack
Tell someone! Report to IT. Report to SLT.Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT
If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.
Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email
These incidents should also be reported to the DfE sector cyber team at
Academy trusts have to report these attacks to ESFA.
Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.
Always ensure there are backups you can restore from. Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to
Image created using Canva AI technology