Cyber Security in schools and Multi-Academy Trusts

Cyber security attacks are increasing in schools and MATs, so it is imperative that you are armed and ready in case you experience such an attack.  

You might wonder why a criminal organisation would wish to target schools to carry out cyber security attacks, but if you think about the type of personal information that is held, the volume of data held about children, parents and staff and the fact that schools/MATs may not have as much money to spend on cyber security as bigger private sector corporations, it makes schools a prime target.  

In the most recent data from the ICO (Quarter 2 of 2022), the Education sector had the second highest number of data breach reports made to the ICO. In 2022, up to the end of quarter 2, there were a total of 663 data breach reports submitted to the ICO from the education sector, 115 of those related to cyber security incidents.  

The most common type of cyber security incident was phishing attacks.  

You may have seen the recent media reports regarding a big cyber security attack by a criminal organisation known as ‘Vice Society’ targeting schools. 

Here are some tips on how to prevent a cyber security attack: 

  • Cyber security training for all staff – you can find some useful resources and training materials on the NSCS website. Please follow this link for a basic training video Cyber security training for school staff - NCSC.GOV.UK. 
  • IT Security and Acceptable Use Policies – ensure that these are up-to-date, fit for purpose, read and followed by all staff.  
  • Introduce Multi-Factor Authentication when logging on to the network and other software that you use to hold personal data.  
  • Password Security – ensure your passwords are secure, not easy to guess, are not written down or shared with others and, if necessary, changed regularly.  
    Password protection on sensitive files/files containing large volumes of personal data.  
  • Cyber Security Audit – carry out a cyber security audit internally to ensure you have the best protection for your IT systems. This will help to identify and deal with any potential weaknesses with your IT infrastructure before these are exploited.  
  • Ensure you have up-to-date anti-virus/malware software and firewalls in place.
  • Cyber Security Incident Response Plan – you should have a good, clear plan in place if you do experience a cyber security attack. 

If you would like any advice or assistance with your cyber security, please contact us (