by Gareth Jelley, Product Security Manager, edtech charity, LGfL – The National Grid for Learning
Figures from the Information Commissioner’s Office (ICO, 2024) reveal a steep increase in cyber-incidents within the education and childcare sector, with 354 cases reported in 2023, a significant rise from 224 the previous year. Government data also indicates that the majority of schools and colleges have experienced a cyber-security breach in the past year (DSIT, 2024).
What steps can schools take?

Emerging cyber-security trends include the exploitation of remote access systems.
A growing number of schools have fallen victim to cyber-attacks due to vulnerabilities in their remotely accessible systems. Without multi-factor authentication (MFA) remote desktop services which enable staff to access internal resources, become easy targets for attackers.
Cybercriminals exploit weak points through brute force password attacks, password spraying, and phishing schemes, to gain unauthorized access to school networks. They can then launch further attacks, steal sensitive data, or disrupt school operations. Multi-factor authentication is one of the most effective defences, yet many schools still do not have it in place.
Control user access privileges
Role-based access control (RBAC) ensures employees only access information necessary for their roles. Limiting administrative access reduces the risk of internal security breaches and enhances overall data protection.
Outdated software can be costly – proactive planning is key.
On October 14, 2025, Microsoft will cease support for Windows 10. Software updates not only enhance functionality – they include essential security patches that protect against vulnerabilities. Schools relying on outdated software will need to invest in extended support, or budget for hardware upgrades, to mitigate potential security risks. Security vendors are also expected to increase their fees for maintaining older systems.
Plan ahead for software and operating systems updates. Always apply security patches as soon as they become available to mitigate vulnerabilities.
Robust cyber-response plans.
The National Cyber Security Centre Audit (NCSC, 2023) revealed that 50% of schools lack an effective Cyber Response Plan. Existing plans often omit critical details – access to administrator passwords, encryption keys, system restoration procedures, and notification protocols for cyber insurance providers. Strategies should include: a risk register to identify and analyse potential threats; both cloud-based and hard-copy documentation of security protocols; and clear instructions on responding to data breaches, ransomware attacks, and other cyber threats.
Testing plans is a crucial step in ensuring readiness. The NCSC offers a free tool called ‘Exercise in a Box’ (www.ncsc.gov.uk/section/exercise-in-a-box/tabletop-exercises) to help schools test and refine their cyber-attack response strategies.
Partnership between leadership and IT support
A collaborative approach between school leadership and IT teams offers several benefits:
- Comprehensive risk assessment: Leadership understands operational risks, while IT teams provide technical expertise.
- Shared responsibility: Cyber-security should not be solely an IT concern. When leadership is engaged, a culture of awareness and responsibility spreads across the school community.
- Effective training: Senior leaders can champion security training initiatives, ensuring all staff members understand their role in preventing cyber-incidents.
- Resource allocation: With leadership backing, schools can secure necessary funding for security tools, staff training, and infrastructure improvements.
- Continuous improvement: Cyber-threats constantly evolve so regular reviews and updates to security protocols help schools to stay ahead of emerging risks.
Implementing cyber-security standards
To minimize the risk of cyber-attacks, schools should adhere to the Department for Education’s Cyber-Security Standards for Schools and Colleges (DfE, 2022), which outline essential security measures.

Regular cyber risk assessments
Annual cyber risk assessment, along with termly reviews, help schools identify vulnerabilities in hardware, software, and data management. Proactively addressing weaknesses can strengthen security and response plans.
Anti-malware and firewalls
Installing anti-malware software and firewalls helps safeguard school networks from malicious activity. Anti-malware tools detect and remove threats, while firewalls act as barriers against unauthorized access.
The 3-2-1 backup plan
Regular data backup is essential in case of a cyber-attack. The NCSC advises the 3-2-1 backup rule:
- Maintain three copies of important data
- Store backups on two different types of media – cloud and external drive
- Keep one backup offsite to ensure recoverability in case of a disaster.
Any cyber-attack should immediately be reported to Action Fraud (www.actionfraud.police.uk/) the UK’s national cyber-crime reporting centre. Rapid reporting helps mitigate damage and prevent further attacks.
As cyber-attacks rise, proactive steps must be taken to strengthen school defences. Regular risk assessments, user access controls, and robust security protocols are essential in protecting student and staff data. Keeping software up to date, implementing multi-factor authentication, and maintaining comprehensive backup plans further enhance cyber resilience.
By adhering to government cyber-security guidelines and fostering a security-conscious culture, schools can reduce their vulnerability to cyber threats. Collaboration between leadership teams and IT support is key to ensuring that cyber-security measures are both strategic and effective. A well-prepared school is not only better equipped to prevent attacks but also capable of responding swiftly and effectively should an incident occur. For more information on cybersecurity for schools please visit Security | LGFL.
Recent Comments