If you look through our articles about cyber attacks on schools, they will likely have taken place on the first weekend of a holiday. Review the articles here 👉 South East Technological University has experienced a cyber incident
Cyber Attack on a Special School
Cyber attack on a University
Fylde Coast Academy Trust Cyber Attack This Week
Ransomware cyber attack on a school in Bromley
School hit by Cyber Attack
Cyber attack on a school during half term
The rise of cyber attacks in schools are causing pupils to miss classes
Cyber attack on a Trust; the aftermath
Cyber Attack on a School
Cyber Attack: Manchester University
Here are some simple considerations to help improve your cyber resilience and what to do if you are attacked:
🛡️Ensure multi factor authentication is set up on all critical systems and systems that give access to personal data.
🛡️Have a cyber response plan which everyone has access to and knows who to contact if they suspect a cyber incident. Sometimes someone may pop into school to complete some work or try and access the network and find they can't. Staff should understand that if that every happens, then they should contact SLT/IT for further investigation.
🛡️Remind staff about the dangers of phishing emails. Ensure staff know who to report any incidents to, especially if they have input any credentials.
🛡️Limit systems that can be used outside of school and remotely. Ensure any remote access is closed down or extra secure and regularly review.
🛡️Have a named contact in the event of an incident.
🛡️Ensure you have a backup and backup plan, with a practised recovery.
🛡️If any staff are leaving, ensure you have collected equipment and removed their access to systems.
🛡️Check with facilities/estates as to whether any contractors will be on site during the period and ensure devices, services and network cabinets are locked and secure.
🛡️Where possible have some logging and monitoring software in place that will alert someone should your network come under attack. Design systems to they are able to detect and investigate incidents.
🛡️Ensure your systems are as up to date as they can be, so they are not open to known vulnerabilities.
🛡️Assign an SLT digital lead - this will help you meet some of the above criteria as they address the DfE Digital Standards. Review our website here: 👉 https://digitalstandardstracker.co.uk/
Review our End of Term checklists: End of Term/Year Routines for Schools
Review our other Guidance for Schools and Data Protection about taking privacy precautions at the end of term: Navigating privacy at the end of term
Review physical security of the building: document DPE Model Physical Security Policy (179 KB)
Review the NCSC's 'A Guide to Ransomware'
Remember the cyber criminals will not be taking a holiday!
What to do in the event of a Cyber Attack
Tell someone! Report to IT. Report to SLT.Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT
If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.
Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email
These incidents should also be reported to the DfE sector cyber team at
Academy trusts have to report these attacks to ESFA.
Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.
Always ensure there are backups you can restore from. Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to
Image created using Canva AI technology