In 2020, the UK’s Department for Digital, Culture, Media and Sport conducted a cybersecurity breach survey in education. Its findings made for perturbing reading, with 41% of primary schools, 76% of secondary schools and 80% of further education institutions reporting at least one cyber-attack or security breach in the previous year. Cybersecurity for schools has never been more important.


Hackers and cybercriminals are increasingly targeting smaller institutions seen as low hanging fruit that may be less well equipped to deal with a scam or hacking attempt. The fallout from a security breach can have devastating consequences for schools.

Previous attacks have resulted in significant financial losses, sensitive data on students, parents, and staff being lost or published online, and even forced temporary school closures. With schools firmly in the crosshairs of cybercriminals, the importance of a secure digital infrastructure has never been greater.

Cybercriminals can embed malware, known as ransomware, in email attachments. If downloaded, ransomware can spread through a school’s network to steal confidential information and demand a ransom for its release. One such attack occurred as recently as June 2021, forcing the closure of two schools after hackers broke into their servers, stealing data and encrypting student information.

BEC (Business Email Compromise), also known as CEO fraud, involves spoofing an email address or compromising an account through a phishing attack. Phishing attacks typically involve a scammer posing as a trusted source, such as HR staff, and asking for confidential information to access school systems.

The hacker will then send an email posing as someone within the school – often from senior management or the finance team – asking for money to be paid to an account. Interestingly, more than 30% of BEC emails are sent on Monday mornings when staff are busy and unlikely to scrutinise an email for authenticity.

Tips to protect against cyberattacks and scams

The most effective ways to protect against scammers for cyber security schools include:

  • Train teachers and administrative staff to spot phishing attacks and malicious downloads.
  • Implement safety checks such as 2FA (two-factor authentication) for all school systems.
  • Do not use personal devices. All school-issued laptops and phones should be updated regularly and set to the same security standards.
  • If you suspect a system or email account is compromised, report it immediately.
  • Always check the email address you’re receiving mail from to ensure it is genuine.
  • Never download an email attachment from an unrecognised email address.
  • Never open a suspicious email. Contact somebody within your organisation to check its validity.