Finding the right IT partner and support provider is a big decision. Due diligence for IT Support isn't just about who can 'fix computers', it's about ensuring standards are followed and they work with you to meet your organisation's strategy. Data Protection Education has a DfE IT Support Tracker and Supplier Due Diligence Directory to provide support and guidance as well as tracking your progress.
The Government Cyber Action Plan, published in January 2026, sets out a radical shift in how the UK public sector manages cyber security and digital resilience. It moves away from fragmented, siloed defences toward a "Defend as One" model led by a new Government Cyber Unit within the Department for Science, Innovation and Technology (DSIT).
NUNEATON, January 7, 2026 — Higham Lane School in Nuneaton has been forced to remain closed this week following a "significant" cyber attack that has crippled its entire digital infrastructure. The incident, which was discovered over the weekend just as students were set to return from the Christmas break, has left approximately 1,500 pupils unable to attend classes.
📢📢 Come and register for our new Data Protection Education webinars for 2026!
We're sharing some small snippets over Christmas to share with staff. Please feel free to share the link to this short news article or follow us over on our social media channels where we share additional help and advice - we'd love to see you there!
We're excited to announce one of our speakers at our MAT conference: Chris Everard, Active Learning Trust.
We're excited to announce one of our speakers at our MAT conference: Emma Martins, Chief Commissioner - Data and Marketing Commission (UK).
We've updated the CCTV policy to consider the requirements of retention, especially over the summer holiday.
There may be situations where at the start of a summer holiday a subject access request comes in for CCTV footage - but there are no resources available in school to stop the footage from being deleted under the regular retention schedule.
Therefore, where organisations are unable to access and retrieve this footage over the holidays, we recommend extending the re
We're sharing some small snippets over Christmas to share with staff. Please feel free to share the link to this short news article or follow us over on our social media channels where we share additional help and advice - we'd love to see you there!
We're sharing some small snippets over Christmas to share with staff. Please feel free to share the link to this short news article or follow us over on our social media channels where we share additional help and advice - we'd love to see you there!
The DfE Technology in Schools survey: 2024 to 2025 was published this week. We give our views on the results:
Several London councils are believed to have been targeted in cyber attacks within the past few days, including Hammersmith, who were previously attacked in 2020.
The government has announced an additional Digital Standard to help with planning, commissioning and reviewing their IT support services. The services can be internal, external or a hybrid. Effective IT support is essential for maintaining technology, planning improvements and mitigating risks like outages and cyber incidents, and sits alongside the other 11 standards.
The ICO has published some updated guidance for people and organisations who work in the education sector with children and young people under 18. The idea of the guidance is to help organisations feel confident to share personal information for safeguarding purposes.
Whether it's via a support ticket, online data protection compliance meeting or data walk around an organisation, we are having lots of conversations about the use of Shadow AI - the use of AI tools, applications or models by staff or students without the formal approval, oversight or governance of the organisation.
We're excited to announce one of our speakers at our MAT conference: Arati Patel-Mistry, Department for Education
As Cyber Security Awareness Month draws to a close, it's important to recognise that cybersecurity isn't a destination; it's a continuous journey. For organisations, particularly those in the education sector, this journey often involves working towards recognised standards and certifications. In the UK, Cyber Essentials and Cyber Essentials Plus are government-backed schemes designed to help organisations protect themselves against common cyber threats. For schools, the Department for Educat
Understanding where to get help for cyber resilience and in the event of a cyber attack is crucial for both individuals and organisations. The good news is that there is help and guidance available!
Administrator accounts (often called "privileged accounts") are the most powerful and, so, the most sought-after targets for cybercriminals. These accounts hold the "keys to the kingdom," possessing extensive permissions to configure systems, access sensitive data, manage users, and make critical changes across an entire network or application. A single compromised admin account can lead to a catastrophic data breach, widespread system paralysis, or complete organisational takeover by attacke
Phishing remains one of the most prevalent and effective cyberattack methods, tricking millions into compromising their data every year. These deceptive messages, often arriving via email, text message (smishing), or phone call (vishing), are designed to look legitimate. They aim to trick you into revealing sensitive information like login credentials, credit card numbers, or personal data, or to click on malicious links that install malware. They may also be the start of a more complex
Your password is your first, and often most critical, line of defence. Yet, far too many people still rely on easily guessable combinations like "123456" or "password," leaving their digital lives wide open to attack. Cybercriminals use sophisticated tools to crack weak passwords in seconds, and is one of the easiest forms of attack - low risk.
It's easy to overlook the importance of physical security when we rely so heavily on digital systems, but it's a critical component of overall cyber security. This means protecting your devices and data from unauthorised physical access. For individuals, it's locking your laptop when you step away, securing your home network equipment, and shredding sensitive documents. For organisations, it includes controlled access to offices and server rooms, securing hardware (laptops, USB drives), and m
For most organisations, servers are the undisputed backbone of their IT infrastructure. They house critical applications, store vast amounts of sensitive data (customer information, intellectual property, financial records), and power essential services. Consequently, servers are prime targets for cyber attackers, making robust server security an absolute necessity, not an option. A compromise of even one critical server can bring an entire operation to its knees.
We often see a rise in the number of Subject Access Requests received by schools at the end of term or at the end of the academic year. This article, therefore, covers guidance and support around subject access requests, how to recognise them and how to respond.
We're excited to announce one of our speakers at our MAT conference: Joe Tidy, BBC Cyber Correspondent & Author.
Regular backups are the most fundamental and vital cyber security practices; they are your indispensable recovery safety net, ensuring that even if disaster strikes, valuable data can be restored.
In cybersecurity, filtering and monitoring are proactive measures that act as your digital watchdogs, guarding against threats by controlling what comes in and out of your networks and systems, and by continuously observing activity for suspicious signs. These practices are essential for early threat detection and prevention.
Printers are often overlooked, however, they can represent significant security vulnerabilities if not properly secured. Modern printers are essentially specialised computers with network connections, storage capabilities, and their own operating systems, making them potential targets for cybercriminals.
In any organisation, and even for individuals with multiple devices, simply knowing what hardware and software you own is the foundational step for effective cybersecurity. This practice is known as asset management, and it's far more than just an inventory list; it's a critical component of risk management and security posture. You cannot protect what you do not know you have, or what state it's in.
When upgrading your tech or getting rid of old devices, simply deleting files or formatting a hard drive is often not enough to truly erase your data. Safe disposal of hardware is a critical, yet frequently overlooked, aspect of cybersecurity. If sensitive personal or organisational information remains recoverable on old devices, it can easily fall into the wrong hands, leading to identity theft, financial fraud, or severe data breaches.