Navbar button The Headteacher

Cybersecurity for schools – Are you protected from cyber criminals?

June 14, 2021, 11:57 GMT+1
Read in 4 minutes
  • Andrew Sherwin explains why schools are a focus for cyber criminals and how to stop them...
Cybersecurity for schools – Are you protected from cyber criminals?

The Covid-19 Pandemic has taught us many things, one is our exceptional ability to react and adapt to a changing landscape to continue teaching.

However, it has also highlighted issues in schools’ digital capabilities and a divide that will need to be bridged if we truly integrate digital into the learning environment.

Recent Ofcom research showed that nearly two million households have no access to the internet. Aside from this gap, many schools were ill-prepared for the additional challenges of digital learning.

While some found the move a mere inconvenience, others have faced struggles. While the move to digital brings positive change, it also carries challenges.

One area, in particular, and often overlooked by schools is cybersecurity. For many years, education has been somewhat apathetic about cybersecurity, believing they do not hold anything of value and will not be attacked.

This is short-sighted, during the pandemic, cybercriminals have relished the new digitally connected world, and threats have spiked, especially focusing on educational institutions.

Paul Chichester, Director of Operations at the National Cyber Security Centre (NCSC), said that the targeting of the education sector is completely unacceptable but is a real and growing threat. Weeks ago, schools were also issued an alert from the Department for Education.

This urged caution after an increasing number of attacks saw schools lose financial records, coursework, and Covid-19 test data.

Why is education a target?

A fundamental reason for targeting Education is the lack of fear around Cyberattack; after all, why would someone attack a school? This means many schools have underinvested and have inadequate cyber defences. Staff awareness of threats is low, making it easy for an attack to be successful.

Frankly, cyber defences have not sat high on many school agendas. “36 per cent of Primary Schools have identified Breaches or attacks in the last 12 months,” Cyber Security Breaches Survey 2021 – Department for Digital, Culture, Media and Sport.

What are the threats being faced by schools?

Phishing is the most common attack vector. This socially engineered attack is used to capture data and login credentials from staff or students.

Attackers masquerade as a legitimate entity, tricking the victim into providing information. Such attacks can result in data theft, email spoofing, loss of funds, and deleting data and files. Although in decline, ransomware is still a significant threat.

Many organisations have found themselves devastated both operationally, financially and in reputation by ransomware attacks. Can your school afford to be locked out of systems and staff and pupils’ files and work?

Simple steps to mitigate risks

Take Cybersecurity Seriously: Create a Leadership team that is responsible for the school’s Security Strategy. There needs to be ongoing ownership and strategy.

Understand Your Risk Exposure: Undertake an audit of your current systems, data points and cyber defences to understand where you may be vulnerable.

Backup Systems and Data: Ensure you have adequate backup systems in place for all of your data (including Google and Microsoft). Test this and ensure this is recoverable should the worst happen.

Educate and Inform: Unfortunately, we humans are responsible for the success of most attacks. Still, we can improve defences with staff awareness training on threats and make those targeted our biggest security asset.

Create Layers of Control: Establish effective management protocols and administration of users and systems.

Passwords and Credentials: Adopt stringent password policies and apply appropriate rules to login credentials. Look at using two-factor authentication as this provides additional layers of security.

With cybercrime exceeding organised crime and generating more revenue than some countries, the threats are only increasing and becoming more complex. Preparation and awareness are critical to creating stringent cyber defences, and we urge all schools to take IT seriously.

Andrew Sherwin is Client Director – Education for C>Ways. For further information or a free audit go to or email <>