InfoSec / Cyber

Data breach via a cyber attack on computers in a school. A cloud with the words Pre-holiday Cyber check! and Data Protection Education logo

Christmas Pre-Holiday Cyber Check!

🎄🎄🎄 Did you know there is an increase in cyber attacks on a long weekend, half term and end of term.  This article gives some advice about what you need to have in place.
If you look through our articles about cyber attacks on schools, they will likely have taken place on the first weekend of a holiday.  Review the articles here 👉













Here are some simple considerations to help improve your cyber resilience and what to do if you are attacked:

🛡️Ensure multi factor authentication is set up on all critical systems and systems that give access to personal data.
🛡️Have a cyber response plan which everyone has access to and knows who to contact if they suspect a cyber incident.  Sometimes someone may pop into school to complete some work or try and access the network and find they can't.  Staff should understand that if that every happens, then they should contact SLT/IT for further investigation.
🛡️Remind staff about the dangers of phishing emails.  Ensure staff know who to report any incidents to, especially if they have input any credentials.
🛡️Limit systems that can be used outside of school and remotely. Ensure any remote access is closed down or extra secure and regularly review.
🛡️Have a named contact in the event of an incident.
🛡️Ensure you have a backup and backup plan, with a practised recovery.
🛡️If any staff are leaving, ensure you have collected equipment and removed their access to systems.
🛡️Check with facilities/estates as to whether any contractors will be on site during the period and ensure devices, services and network cabinets are locked and secure.
🛡️Where possible have some logging and monitoring software in place that will alert someone should your network come under attack.   Design systems to they are able to detect and investigate incidents.
🛡️Ensure your systems are as up to date as they can be, so they are not open to known vulnerabilities.
🛡️Assign an SLT digital lead - this will help you meet some of the above criteria as they address the DfE Digital Standards.  Review our website here: 👉 https://digitalstandardstracker.co.uk/

Review our End of Term checklists: End of Term/Year Routines for Schools
Review our other Guidance for Schools and Data Protection about taking privacy precautions at the end of term: Navigating privacy at the end of term
Review physical security of the building:  document DPE Model Physical Security Policy (179 KB)

Review the NCSC's 'A Guide to Ransomware'

Remember the cyber criminals will not be taking a holiday! 

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Action Fraud on 0300 123 2040, or the Action Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

m.  Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD



Image created using Canva AI technology

Search