Keeping your school’s data secure: how to manage the risks

With the education sector targeted for attacks during this pandemic period, how secure is your school’s data? London CLC’s Peter Lillington sets out some of the risks along with the latest free resources to help you manage them.

Data security is of critical concern for a school’s business operations and its robustness affects every member of the school community. This includes not only the physical school infrastructure and network, but any cloud services, policies and procedures and people’s awareness and behaviours.

During this pandemic period there have been reports of increased criminal activity online and many instances of Covid-related scams of various kinds, whether the peddling of bogus treatments and tests or the use of fake identity stolen from an unsuspecting individual to unlawfully apply for government grants. An alert aimed at the education sector  was issued in September (pdf version available here), which describes the increase in ransomware attacks, looks at trends in how attackers get into their victims’ network, the crimes they commit and the mitigations organisations can take to disrupt ransomware attacks and enable effective recovery. 

It’s a National Cyber Security Centre (NCSC) alert and the NCSC’s own disclaimer is worth a look: 

“Any NCSC findings and recommendations made have not been provided with the intention of avoiding all risks, and following the recommendations will not remove all such risk. Ownership of information risks remains with the relevant system owner at all times.”

As it makes clear, risks will always remain, but there are things we can all do to reduce them.

With that in mind, what can schools do?

The NCSC itself is providing new guidance for governors with a useful list of eight questions for governors and school leaders to start the cyber security conversation. It also provides many infographic style resources that convey simply what schools need to consider. 

We particularly like the glossary as unusual sounding words and jargon abound in this field. You can also find it as an alphabetical list on a web page.

NCSC glossary

Especially relevant for the current period is the home working guidance. If your school or  local authorities are providing laptops and devices for families and students as well as staff it’s important that this aspect is considered.

The DfE recent guidance on remote learning, as well as the older guidance from lockdown, refers to the Video Conferencing service guide.

Screenshot from

On a much lighter note, if you get our weekly newsletter (you don’t?! Sign up now!) you may have seen a great explanation of https in comic form. Discover how cats, crabs and pugs help to explain some key concepts…

  • Want to find out more? Join us on Tuesday 13 October (coincidentally also Ada Lovelace day!) 10-11.30am for our  Digital Security for Schools CPD session. We’ll be exploring the issues and requirements that schools are facing in the light of new technologies and legislation, including cyber and network security, data and information security and requirements of KCSIE Annex C online safety measures.

Sign up to our weekly newsletter to get edtech news and views, free resources and reviews direct to your inbox every Thursday lunchtime – including a weekly ‘give it a try’ app or tool recommendation.

If you would like to contact us please click here.