Schools & MATs

DfE cyber security standards update for schools and colleges, reflecting NCSC Cyber Essentials 202

On 24 June 2026, the DfE updated its Cyber Security Core Standard for schools and colleges in England. The update reflects new technical requirements introduced by the National Cyber Security Centre (NCSC) as part of the Cyber Essentials 2026 scheme.

 

This is the second update to the DfE cyber security standards in 2026. Our April 2026 article covered the earlier change, which introduced a mandatory 14-day remediation window for hig

ICO EdTech Examined report graphic, highlighting data protection audit findings for UK schools and children'

The ICO's edtech audit programme, covering 28 providers used across UK primary and secondary schools, has resulted in one of the most significant data protection reports to affect the education sector in years. Published in June 2025, the ICO's EdTech Examined report made 596 recommendations and found widespread compliance failures in how edtech providers handle children's personal data. This article sets out what was found and what schools and

Graphic representing the Department for Education (DfE) Data Protection in Schools guidance update from June

The Department for Education (DfE) updated its Data protection in schools guidance on 17 June 2026, this refresh aligns the guidance with the wider expected KCSIE 2026 guidance and reinforces existing obligations that schools should already be acting on.

This article sets out what has changed, what it means for your school in practice, and the actions your data protection lea

DfE Filtering and Monitoring Core Standard graphic for schools and colleges, essential for safeguarding children.

The Keeping Children Safe in Education (KCSIE) document obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place and regularly review their effectiveness”. This responsibility is now a standard, no just a technical tick box, but a core leadership and safeguarding function.

Shottermill Junior School building in Haslemere, Surrey, recently impacted by a

In May 2026, Shottermill Junior School in Haslemere, Surrey became the latest UK primary school to fall victim to a ransomware attack. The LockBit 5.0 group officially listed the school as a victim on 9 June 2026, with threat intelligence monitors detecting the initial network infiltration as far back as 20 May 2026. This means the attackers had approximately three weeks of dwell time inside school systems before the attack became public

Illustration depicting a cyber attack impacting Powys County Council, symbolizing the theft of personal data from schools in

What Happened?

On 4 June 2026, Powys County Council confirmed that a cyber security incident had resulted in the theft of personal data belonging to pupils, staff, and others connected to schools in mid-Wales. Thirteen schools were affected by the wider incident, with personal data specifically taken from at least one. The attack was first identified in April 2026 and, according to the council, was “quickly contained”, but not before

AI-manipulated images of smiling children, symbolizing the urgent online safety risks for schools

This article combines guidance from the Guardians of Privacy series, produced by Data Protection Education in collaboration with Litus Digital, with urgent new advice issued in May 2026 following confirmed blackmail attempts against UK schools using AI-manipulated images of children. Key sources include the UK Safer Internet Centre (8 May 2026) and the Internet Watch Foundation.

  1. What School Leaders Need to Know About the DfE's New Cyber Security Hub
  2. The Cyber Security Breaches Survey 2025/2026 - Key Advice for Schools
  3. The 2026 Mandate: Navigating the Children’s Wellbeing and Schools Act.
  4. Visitor Management: A Guide for Schools
  5. Update to the DfE Digital Cyber Security Standards for Schools and Colleges
  6. Wireless Network Standards for Schools & Colleges: What's New?
  7. How were schools and pupils affected by the C2K cyber attack?
  8. School Cyber Attack: St Anne's Catholic School
  9. Volunteer Acceptable Use Policy & Agreement
  10. Handling Subject Access Requests (SARs) - at the end of term
  11. Holiday Cheer or Cyber Fear? : Essential Pre-holiday Checks
  12. How should schools manage paper archives?
  13. Navigating the Redaction Divide: SAR or PEX?
  14. What type of request have you received? SAR? Educational Record? Or FOI?
  15. Leavers' Memorabilia
  16. Sharing photos on World Book Day: Privacy considerations
  17. The Danger of the 'Data Dump': Why more information isn't always better!
  18. Cyber Alert: Surrey and Sussex Schools Targeted by Phishing and Ransomware Attacks
  19. Parents and students covertly recording conversations
  20. New DfE AI Standards
  21. Is your IT Support Provider Compliant?
  22. The Government Cyber Action Plan
  23. School Cyber Attack: Higham Lane School Hit by Major Cyber Attack: Campus Remains Closed
  24. What does the technology in schools survey tell us?
  25. IT Support Standards for Schools and Colleges Guidance (DfE Digital Standards)
  26. Sharing information to safeguard children and young people in the education sector in the UK
  27. October 31. On the road to improving cyber resilience
  28. October 30. Cyber Support
  29. October 29. Admin Controls & Accounts
  30. October 28. Phishing: Don't Take the Bait!
  31. October 27. Passwords
  32. October 26. Physical Security of Digital Assets
  33. October 25. Server Security: Protecting Your Digital Core
  34. October 24. Backups: Your Recovery Safety Net
  35. October 23. Filtering and Monitoring
  36. October 22. Hardware: Printers
  37. October 21. Hardware: Asset Management
  38. October 20. Hardware: Safe disposal
  39. October 19. Anti-virus/anti-malware
  40. October 18. Regular Updates: Patching Against Threats
  41. October 17. Access Control: Managing User Privileges
  42. October 16. Access Control: Securing Your Digital Gateways (Wi-Fi & Networks)
  43. October 15. Access Control: Securing Your Home Office (Working From Home)
  44. October 14. Access Control : (Multi-factor authentication)
  45. We've teamed up on a podcast with the Small Business Cyber Security Guy
  46. October 13. Cyber Security Awareness
  47. October 12. Training: Empowering your human firewall
  48. October 11. Policies and Procedures: Cyber Blueprint
  49. October 10. Understanding Your Cyber Posture
  50. Time's Ticking: Windows 10 support ends in October 2025!
  51. October 9. A Guide for Education Providers
  52. October 8. How Can Your Organisation Prevent Ransomware Attacks?
  53. October 7: Under Attack: The Reality of Ransomware
  54. October 6: Cyber Action Plan and A Roadmap to Resilience
  55. October 5: Cyber Responsibilities - We're All in This Together
  56. October 4: When a Cyber Attack Hits
  57. October 3: Data Security, the Core of Protection
  58. October 2: Privacy Protection & Safeguarding Personal Data
  59. October 1: Welcome to Cyber Security Awareness Month!
  60. Nursery Cyber attack
  61. Fraud awareness from the DfE
  62. The Classroom's Dark Side: Cyber crime from the Classroom
  63. Data Breach: School sends out names and contact details in a spreadsheet.
  64. KCSIE 2025: Data Protection, AI, and Cyber Security
  65. The Online SCR Data Breach: What You Need to Know
  66. Back to School Basics for Data Protection and Cyber Security Compliance
  67. The Latest Cyber Threat: The "Murky Panda"
  68. Building a Secure School: Using the ICO Accountability Framework to Meet DfE Digital Standards
  69. Why Physical and Data Security Must Go Hand-In-Hand
  70. Digital Safeguarding: DfE announces statutory DfE Digital Standards
  71. The Data Protection Lead/Champion Role
  72. Changes to the Academy Trust Handbook 2025
  73. School closes for two days after cyber incident
  74. Social Media Day 2025
  75. How Ofsted looks at AI during inspection and regulation
  76. Data Breaches 2025 Report Highlights
  77. Not everyone needs access: The Key to Protecting Sensitive Data
  78. School cyber attack: Outwood Academy, Middlesbrough
  79. Alert: Schools receiving Microsoft File Sharing Phishing Emails
  80. School cyber attack: Framlingham College, Suffolk
  81. West Lothian Schools in Cyber Attack
  82. A Wake-Up Call for Cyber Vigilance - Danger in the Threat Landscape for Everyone
  83. New Governor Resources
  84. Are teachers using AI? 83% say its a time-saver
  85. DfE Digital Standards - narrowing the digital divide
  86. Arbor AI - On By Default
  87. DfE Guidance: Choosing a new MIS
  88. Short Guide to AI Video
  89. Safer Internet Day, Cyber Security & Data Protection
  90. The Cyber Resilience Championship
  91. The Multiple Dimensions of Supplier Due Diligence
  92. School shares sensitive pupil information as part of an FOI response
  93. Blacon High School Cyber Attack
  94. WhatsApp and FOI's: ICO Warnings
  95. New AI Guidance from the DfE
  96. What the proposed Government legislative proposal around cyber crime means
  97. DfE update to record keeping and management
  98. Update to data sharing for school immunisation programmes
  99. SLT Digital Lead Profile
  100. The role of governors in cyber security and data protection
  101. Navigating Privacy at the End of Term , Special Occasions and End of Year
  102. South East Technological University has experienced a cyber incident
  103. Safeguarding Identity in Microsoft 365: Protecting the UK Education Sector Against Cyber Threats
  104. Cyber Attack on a Special School
  105. Stealing children's data
  106. Ofqual highlights the value of cyber security training in schools
  107. Fylde Coast Academy Trust Cyber Attack This Week
  108. Calling all IT leads in schools and mult academy trusts!
  109. Ransomware cyber attack on a school in Bromley
  110. School hit by Cyber Attack
  111. DfE Digital Standards for Schools and Colleges Tracker
  112. Schools and Trusts Best Practice Area
  113. ESFA Cyber Essentials Requirement for Colleges from 2024/2025
  114. ICO Reprimands a School
  115. Out of date technology
  116. Data Retention and the Pupil File
  117. Have you assigned your SLT Digital Lead yet?
  118. What's a Cyber Incident and what should we do?
  119. Getting Started with AI (Artificial Intelligence)
  120. Cyber attack on a school during half term
  121. The rise of cyber attacks in schools are causing pupils to miss classes
  122. Cyber attack on a Trust; the aftermath
  123. School Focus: The Vale Federation | Aylesbury
  124. DfE Dealing with Subject Access Requests (SARs) Guidance
  125. Update to the Guidance on Information Sharing from the DfE
  126. Product Focus on Checklists : Initial Trust Plan
  127. Product Focus on Checklists : End of Term Checklist
  128. Product Focus on Checklists : Social Media
  129. Product Focus on Checklists : Lettings
  130. Milk Island: The secret location that allows children to view restricted content on Google Maps
  131. Free Cyber help, advice and training with the Cyber Resilience Centres
  132. The Perils of Paper: The Printing Vulnerability
  133. Product Focus on Checklists : Governors and Data
  134. Product Focus on Checklists : Site Moves
  135. Cyber attack on a University
  136. Product Focus on Checklists : Bring your own device
  137. Product Focus on Checklists : Working out of school/offsite
  138. Cyber Attack on a School
  139. Major cyber-criminal gang Lockbit brought down by UK Law Enforcement
  140. Product Focus on Checklists : Photos and video
  141. Safer Internet Day 2024
  142. Kent Councils Data Breach
  143. Free cyber training for staff
  144. DfE Digital Standards Update
  145. ClassCharts Possible Data Breach
  146. School Focus: St Bernadette's Catholic Primary School | Brighton
  147. Guardians of Privacy: 16. Social Media Checklist
  148. Guardians of Privacy: 15. Navigating Social Media in Educational Settings Summary
  149. Guardians of Privacy: 14. Social Media and Cyber Bullying
  150. Guardians of Privacy: 13. Social Media, Copyright and Intellectual Property
  151. Guardians of Privacy: 12. Social Media and Going Viral
  152. Guardians of Privacy: 11. Staff Social Media Accounts
  153. Guardians of Privacy: 10. Social Media and Cookies
  154. Guardians of Privacy: 9. Social Media and Morality
  155. New Resources for Schools from the ICO
  156. Guardians of Privacy: 8. Social Media Policies
  157. Guardians of Privacy: 7. Social Media Data Retention
  158. Guardians of Privacy: 6. Posting Safely
  159. Guardians of Privacy: 5. Social Media and Consent
  160. Guardians of Privacy: 4. Social Media Access Control
  161. Guardians of Privacy: 3. Social Media Channels
  162. Guardians of Privacy: 2. Law and Regulations
  163. Phishing attacks targeting schools - alert from City of London Police
  164. The ICO reprimands a Multi Academy Trust
  165. Guidance for the use of school email and applying email retention in schools
  166. Data Protection Tips for Early Years Settings
  167. Trust Initial Plan Checklist Update
  168. Update on Advisory for Rhysida Ransomware
  169. Trust Initial Plan for Data Protection Compliance (for Multi Academy Trusts)
  170. Google for Education Resources: Helping IT Admins meet DfE digital and technology standards
  171. Lettings Best Practice and Guidance
  172. The UK Online Safety Bill becomes an Act (Law)
  173. Considerations when migrating to a new MIS
  174. The importance of software updates (PaperCut vulnerability and Rhysida ransomware)
  175. Public bodies and sensitive data
  176. ICO: 10 Step guide to sharing information to safeguard children
  177. Email and Security: ICO recent guidance
  178. Social Media Policy
  179. Data Protection and Cyber Security (Inset Day) Training Ideas
  180. Changes to Microsoft Free Licensing for Schools
  181. What to do in the event of a Cyber Attack
  182. How KCSIE is linked to Cyber Strategy
  183. VICE SOCIETY - Ransomware attacks on schools
  184. Using Tags if you are a group of organisations in the DPE Knowledge Bank
  185. Cyber Insurance in the Public Sector
  186. Cyber Attack: Leytonstone School
  187. The ICO Reprimands a school
  188. Cyber Attack: Dorchester School
  189. Knowledge Bank Role Types: Admin, Staff and Trustee
  190. Cyber Attack: Wiltshire School
  191. Types of Cyber Attacks: The Insider Threat
  192. Why your data is profitable to cyber criminals
  193. Striking Data Breach
  194. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  195. FOI: Vaccination Justifications
  196. The Education sector now at highest risk of cyber attacks
  197. Schools Blocked from Using Facial Recognition Systems
  198. The Children's Code
  199. Cyber Attacks
  200. Protocol for Setting Up and Delivery of Online Teaching and Learning
  201. Class Dojo International Data Sharing
  202. Secure file transfer of files using Royal Mail
  203. Emergency contacts and consent
  204. Best Practice for Managing Photos and Video
  205. Headteacher fined for breach of data protection legislation

Search