Cybersecurity advice for schools

Schools hold a wide range of sensitive information about pupils, parents and staff. There are criminal gangs who specialise in attacking schools' IT systems, and who will exploit any technical vulnerability they can to steal that data and use it to commit fraud.

Every school is at risk of being attacked and needs to have direct access to relevantly skilled IT people to maintain and secure their systems. If you only have one IT support person, you need to consider what happens if you are attacked when that person is unavailable.

You should keep all systems up-to-date with security patches and updates. Securing systems to “best practice” levels, including applying emergency patches promptly, will reduce the chance of them being successfully attacked.

If you are successfully attacked, it is likely that Haringey will place restrictions on electronic connections with you, to reduce the heightened risk of the council being attacked via your already compromised systems, or by fake communications using your stolen data. 

Stolen data is most often used to:

  • blackmail the school by threatening to publish the data online. They will often encrypt the school’s systems after the theft, leaving you with no access to the data until the 'ransom' is paid
  • commit fraud on individuals, or to impersonate them and commit fraud under their identity

It is therefore essential for schools to act now to make sure their systems are secure.

Recommended actions

Back to top


Page last updated:

May 18, 2023