For parents, the safety of their children is a priority. They trust schools to protect their children and their children’s data.

For schools, this is a big responsibility. We’ve entered a new digital age  with a whole online world to explore, as well as endless gadgets to play with and work on and constant technological developments,

Consequently, there are more routes and opportunities for data to be compromised, the education sector is no exception to this threat.

The National Cyber Security Centre alerted in 2021 that there has been an increase in ransomware attacks on the education sector by cybercriminals [1].

They emphasised the need for organisations in the sector to protect their networks to prevent further ransomware attacks. 

The South West Grid for Learning (SWGfL)

The SWGfL are a charity working so that everyone in society can benefit from technology, free from harm [2]. They are part of the UK Safer Internet Centre, experts advise schools, public bodies, and industry on appropriate actions to take regarding safeguarding and advancing positive online safety policies.

They have been leading online safety for the past two decades, delivering engaging resources and training to a wide variety of audiences nationally and internationally.

The work of SWGfL has brought online safety to the forefront of public attention, ensuring everyone can develop their understanding of what online safety means in an ever-changing world.

Safeguarding Implications

Ransomware attacks can strip access to school data. The nature of a ransomware attack is that it encrypts files on a computer system, so they cannot be accessed.

If the files cannot be accessed, then these important systems will be out of use in a school:

  • Parent contact details
  • Pupil records
  • Contact details for third parties
  • Telephone systems
  • Email
  • The internet
  • CCTV
  • File servers
  • Door/gate access

The implications of this for staff and pupils are dangerous. There is also the risk of personal information being leaked onto the dark web if it has been obtained by criminals.

Protecting School Data

Central to effective data protection is the ability to identify the core data of the school. This core information is the most important and may include the medical details of pupils, parental contact details or the HR records of employees.

When the core data assets are identified, layers of protection can be built around them. The SWGfL recommends that layers of security should be used to protect school data. This layered system should be visualised like an onion, with the core data assets at the centre and the surrounding layers being modes of protection.

The first layer is data security. This means ensuring that the right people have access to the core data. It should be checked that staff in the school only have access to the systems that are essential to their role.

Secondly, application security must be applied. This means ensuring that security programmes are always up to date and the security software in place is functioning properly. This mitigates the technical vulnerability.

Then, endpoint security should encompass the other measures. This refers to device security, if a device is used to access data and systems then it must be secure.

The final two layers are similar. Adequate perimeter security and network security is essential to ensuring the internet server and networks systems are secure. These layers should actively try to repel attackers. This layered security system should strive to stop attackers from getting in, but also to stop data from leaking out.

The Tools

The layers of security can be translated into the use of these tools:

Core Data Assets:

  • Critical data identified and protected
  • Backed up
  • Data Loss Prevention
  • Security Information and Event Management (SIEM)

Data Security:

  • School-wide policies
  • Records of processing activities
  • Maps of critical data
  • Data access controls
  • Retention and disposal

Application Security:

  • Software patching
  • Automatic updates
  • Logging systems
  • Access controls
  • Password security

Endpoint Security:

  • Anti-virus
  • Anti-malware
  • Ransomware protection
  • Anti-exploit
  • Fileless attack prevention
  • Asset management
  • MDM
  • Device firewall

Perimeter Security and Network Security:

  • Firewall
  • Servers/switches
  • Routers
  • ISP
  • Filters
  • Monitoring
  • Intrusion detection systems

Staff at all levels within the school should be trained on the use of and the importance of these tools


Regular audits within schools, assessing the quality of data security is important. This ensures that any gaps in security can be filled, and new software or procedures can be installed.

Audits should monitor:


  • Where is it kept?
  • Is it core data?
  • Who has access to it?
  • Does it need securing?


  • Where are they?
  • What do they do or store?
  • Who has access to them?
  • Do they need securing?


  • Who needs access to what?
  • Have they had the appropriate training?
  • Do they understand their obligation?


  • Is there a plan for future breaches?
  • Does the plan work?
  • Does everyone know to initiate it?
  • Does it include out-of-hours?
  • Is a copy stored off-site?

Cyber Secure

Cyber Secure is a new tool for the Department for Education that the SWGfL has been commissioned to produce. It is set to be launched in early 2022. It will be a free to use, self-assessment tool and it will help schools to review and improve their cyber and information security.

It examines 23 aspects of school systems, identifying what needs to be improved and suggesting ways of implementing better security systems.

Additionally, the National Cyber Security Centre’s website has many useful articles that advise schools on how to strengthen the security of their data.

Ultimately, schools should ensure that they have robust security systems in place to ensure the safety of their children and staff. Regular monitoring of these systems is crucial to repair and improve the walls of protection.

[1] The National Cyber Security Centre. 2021. Alert: Further ransomware attacks on the UK education sector by cyber criminals

[2] The South West Learning Grid

How useful was this article?

Please click on a star to rate it

Schools have seen a sharp increase in ransomware attacks, targeting their confidential data. This article presents advice from the South West Grid for Learning, outlining the essential tools that schools should have in place to protect their data.

Register FREE to access 2 more articles

We hope you’ve enjoyed your first article on GE Insights. To access 2 more articles for free, register now to join the Government Events community.

What you'll receive:
2 FREE articles/videos on GE Insights
Discounts to GE conferences and GovPD training courses
Latest events and training course updates
Fortnightly newsletters
Personalised homepage to save you time
Need unrestricted access to GE Insights Now?