
What can I do to improve my school or college’s cyber resilience?

Cyber-attacks against schools continue to be a concern across the Eastern region.


The reasons for this are fairly simple:

  • Schools possess enormous quantities of high-value and sensitive data that they may have to pay for to get back.

  • Schools’ networks and processes offer a lot of vulnerabilities through either underinvestment or weaknesses in their underlying processes. In many cases these vulnerabilities are caused by the necessity of having so many people and devices attached to the network.

A number of education ransomware alerts have been published by the National Cyber Security Centre over the past couple of years. Thousands of schools have been attacked over the past few years, and many attacks have resulted in long-term problems for the organisations affected, including the staff, students, and parents.

Whilst the rise in attacks was blamed partly on the pandemic and a rise in remote learning, the risk to schools will persist until they are provided with the tools to fight back. And these attacks are happening right now in our region. In the summer of 2021, a ransomware attack against schools in Kent actually caused several to close for several days whilst the data breach was resolved. And these cyber-attacks are continuing to affect schools and colleges every day in our region.


An online UK survey in 2022 from Cantium Business Solutions found that two-thirds (66 percent) of UK schools surveyed claimed to have suffered a cyber-attack in the last 18 months and only 35 percent felt strongly that they were well prepared to protect their school against malicious activity in the future.


What should I do now?

The good news is that you can start to improve your cyber defences now, with little or no technical training, and at no or minimal cost. Education has also been provided with a wealth of free tools and services. Click here to find out more. Additionally:

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable. Consider providing a password manager for your staff to use: they remember just one strong password and the manager remembers the rest. Watch our short video to find out more.

  2. Enable two-factor authentication (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account. You can find more about 2FA here.

  3. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups because they have never evaluated them, and then when they need the data the most, they find that they can’t recover.

  4. Ensure you have anti-malware on all devices, including your phones.

  5. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for and do. The ECRC can provide bespoke staff awareness training to help with this.

  6. If you have a website, you can access one of our affordable student services and get a web app vulnerability assessment. This will look at whether your site is secure from the most common cyber-attacks against it. We also provide a First Stage Web Assessment, which is a simplified form of web assessment if cost is an issue.

  7. Install system and software updates as soon as possible. Criminals also know about published vulnerabilities and will craft attacks specifically for them. Speak to your own MSPs about this.

  8. Have an incident response plan and test that it will help when the worst happens. You can find a free template plan to get you started here.

  9. Look to get your school Cyber Essentials accredited – as well as protecting yourself against 60% of current cyber risks, it also comes with £25000 worth of cyber insurance.

What next

Whatever you do now, doing nothing should not be an option.


As an absolute minimum you should consider joining our growing community by signing up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England. Our site also contains a wide range of guidance and tools that can be accessed free of charge.


You may have access to some sort of IT support within your business and we recommend that you speak to them now to discuss how they can implement cyber resilience measures on your behalf. And find out if a response plan is currently held for your business and whether it is still in date!


Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.


Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
