{"id":9786,"date":"2025-05-02T09:34:49","date_gmt":"2025-05-02T08:34:49","guid":{"rendered":"https:\/\/www.gpsj.co.uk\/?p=9786"},"modified":"2025-05-02T09:35:56","modified_gmt":"2025-05-02T08:35:56","slug":"proactive-measures-to-strengthen-cybersecurity-in-schools","status":"publish","type":"post","link":"https:\/\/www.gpsj.co.uk\/?p=9786","title":{"rendered":"Proactive measures to strengthen cybersecurity in schools"},"content":{"rendered":"\n

by Gareth Jelley, Product Security Manager,<\/em><\/strong> edtech charity, LGfL \u2013 The National Grid for Learning<\/em><\/strong><\/p>\n\n\n\n

Figures from the Information Commissioner\u2019s Office (ICO, 2024) reveal a steep increase in cyber-incidents within the education and childcare sector, with 354 cases reported in 2023, a significant rise from 224 the previous year. Government data also indicates that the majority of schools and colleges have experienced a cyber-security breach in the past year (DSIT, 2024).<\/p>\n\n\n\n

What steps can schools take?<\/strong><\/p>\n\n\n

\n
\"\"
Gareth Jelley<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n

Emerging cyber-security trends include the exploitation of remote access systems.<\/em><\/p>\n\n\n\n

A growing number of schools have fallen victim to cyber-attacks due to vulnerabilities in their remotely accessible systems. Without multi-factor authentication (MFA) remote desktop services which enable staff to access internal resources, become easy targets for attackers.<\/p>\n\n\n\n

Cybercriminals exploit weak points through brute force password attacks, password spraying, and phishing schemes, to gain unauthorized access to school networks. They can then launch further attacks, steal sensitive data, or disrupt school operations. Multi-factor authentication is one of the most effective defences, yet many schools still do not have it in place.<\/p>\n\n\n\n

Control user access privileges<\/em><\/p>\n\n\n\n

Role-based access control (RBAC) ensures employees only access information necessary for their roles. Limiting administrative access reduces the risk of internal security breaches and enhances overall data protection.<\/p>\n\n\n\n

Outdated software can be costly \u2013 proactive planning is key.<\/em><\/p>\n\n\n\n

On October 14, 2025, Microsoft will cease support for Windows 10. Software updates not only enhance functionality – they include essential security patches that protect against vulnerabilities. Schools relying on outdated software will need to invest in extended support, or budget for hardware upgrades, to mitigate potential security risks. Security vendors are also expected to increase their fees for maintaining older systems.<\/p>\n\n\n\n

Plan ahead for software and operating systems updates. Always apply security patches as soon as they become available to mitigate vulnerabilities.<\/p>\n\n\n\n

Robust cyber-response plans.<\/em><\/p>\n\n\n\n

The National Cyber Security Centre Audit (NCSC, 2023) revealed that 50% of schools lack an effective Cyber Response Plan. Existing plans often omit critical details – access to administrator passwords, encryption keys, system restoration procedures, and notification protocols for cyber insurance providers. Strategies should include: a risk register to identify and analyse potential threats; both cloud-based and hard-copy documentation of security protocols; and clear instructions on responding to data breaches, ransomware attacks, and other cyber threats.<\/p>\n\n\n\n

Testing plans is a crucial step in ensuring readiness. The NCSC offers a free tool called \u2018Exercise in a Box\u2019 (www.ncsc.gov.uk\/section\/exercise-in-a-box\/tabletop-exercises<\/a>) to help schools test and refine their cyber-attack response strategies.<\/p>\n\n\n\n

Partnership between leadership and IT support<\/strong><\/p>\n\n\n\n

A collaborative approach between school leadership and IT teams offers several benefits:<\/p>\n\n\n\n