The headlines often focus on large organisations or governments falling victim to cyber attacks, such as M&S and the Co-op, however, there is an increasing number of attacks on schools and colleges.  A ransomware attack on a school can be particularly devastating, crippling operations, disrupting learning and putting sensitive student and staff data at risk.

Creating a cyber action plan will help you navigate the digital world safely.  A well thought out plan can help you with a structured approach to improving your security posture, help identify weaknesses and ensure a rapid response when an incident occurs.  It can move you from reactive panic to proactive preparedness.

While cyber security may sound complex and something just for 'the IT department', that couldn't be further from the truth.  Cyber security is a shared responsibility, and every individual from the CEO down to the newest apprentice, plays a vital role in protection themselves and their broader digital ecosystem.

Even with the robust preventative measures, cyber attacks can happen.  The key is is not to panic and to have a plan, most organisations will call this a cyber incident response plan.  Knowing what to do in the immediate aftermath can significantly mitigate the damage, limit data loss and speed up recovery.

On day 3 of Cyber Security Awareness Month we are looking at data security.  Data Security refers to the measures taken to protect date from unauthorised access, corruption or theft throughout its lifecycle.

Our second day of Cyber Security Awareness Month is about controlling access to your personal information and how it is used. Personal data is now constantly being collected, processed and shared.  Privacy protection is about exercising control over who has access to your personal data and how it is used.

October is Cyber Security Awareness Month!  And although we don't think that Cyber Security awareness is something to cover just once in the year,  we are dedicating this month to raising awareness about digital safety.

A cyber attack on nursery chain, Kido claims to have stolen photos, names and addresses of around 8,000 children.  The information includes parental details and carers and safeguarding notes.

The Cyber Assessment Framework (CAF) is cyber security guidance for organisations that play a vital role in the day-today life in the UK and organisations should look to it as guidelines for helping keep data safe.

Given the Public Sector Fraud Authority estimates that every year between £39.9 billion and £58.5 billion of taxpayer's money is subject to fraud and error, it's no wonder the UK Government has published some guidance about fraud awareness.

With the recent Data Use and Access Act, organisations must now be more precise than ever about how they handle data rights concerns; the complaints process for data rights is clarified and formalised. This article discusses best practice around which complaints process to use when you receive a complaint.

Joe Tidy, BBC's Cyber correspondent has published a blog about cyber crime in schools following the ICO issuing a warning about the 'worrying trend' of students hacking their own school and college IT systems for fun or as part of dares. We explore the situation and what you should do when it happens.

Parents of a school in Birmingham are concerned that a school has accidentally shared a spreadsheet which contained student names for children in Year 7 to Year 11 and parental contact details.

We've updated and added some new policies, including the Data Protection Policy, Model Redaction Guidelines, Data Rights Complaints Process, Freedom of Information Policy, SAR Procedure Template, SAR Response Template, Subject Access Request Clarification Template.  This article shows an amendments made to the documents.

The latest release of the "Keeping Children Safe in Education" guidance brings important updates for schools and colleges, including points relating to the rapidly evolving digital landscape.  Most of the changes in this year's guidance are technical.

We've published a new e-learning module for 2025 data protection training.

The recent data breach involving Online SCR, an online provider of single central record (SCR) services, has put the personal data of education staff at risk.  The breach was a result of a cyber attack on a subcontractor.

As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics.  An equally critical and statutory area that demands attention is data protection and cyber security compliance.  Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.

The Murky Panda (also known as Silk Typhoon) is a cyber threat that has had significant activity since 2023 and has targeted government, technology, academic, legal and professional services. Currently there are reports of the threats only in North America, however, as the Murky Panda has previously targeted compromises in the cloud, it is assumed that they will easily transition to attacks further afield. The threat group is a China-nexus group

The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.

The DfE has published the report for their consultation: Narrowing the Digital Divide in Schools and Colleges, with the conclusion that schools can and want to meet the standards by 2030.

The changes to the Academy Trust Handbook will be effective from 1st September 2025 and include some statutory digital standards recommendations.

A secondary school in Cornwall close for two days due to a 'cyber incident'.

This podcast episode delves into the often-overlooked but crucial topic of records management within the school environment. It breaks down the lifecycle of a record from creation to disposal, highlighting the legal framework schools operate within, including the Data Protection Act 2018, UK GDPR, and the Freedom of Information Act 2000. The episode also explores the consequences of non-compliance, the importance of a robust Records Management Policy, and the specific considerations for handl