The five biggest cyber threats schools face – and how to protect yours

We have put together the top five cyber threats that schools in the UK face at the end of 2022 and into 2023, so you can take the right steps to protect your data.

Our top five trends that schools need to prepare for:

1. Ransomware

A phishing attack is the most common way for schools to be infected with ransomware. The National Cyber Security Centre (NCSC) defines a phishing attack as “when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware, or direct them to a dodgy website”. The most common point of entry for a school is when someone opens an attachment in an email or clicks a link to a malicious website. The email may look legitimate, posing as something they might expect to receive. In fact, it is from an attacker, and the attachment is an executable programme that delivers the ransomware onto their device and throughout the school’s network, encrypting all the files and making them inaccessible without paying a ransom.

In June 2021, NCSC issued an alert regarding the increase in ransomware attacks on the UK education sector.

Schools and trusts have seen ransomware encrypt all their files, leaving some schools without their important pupil and staff records, lesson plans and coursework for several weeks, or in some cases not at all.

2. Human frailty

Many cyber threats schools face remotely target inanimate objects, the individual pieces of infrastructure. However, the successful ones often get let in by human error. A person can inadvertently leave open a metaphorical gate or welcome someone or something in without checking their credentials. The 2022 edition of Verizon’s annual Data Breach Investigations Report found that user error is among the fastest-growing causes of breaches.

Individuals generally want to avoid harmful careless actions, but the people in a school represent a threat because they may not fully understand the behaviours needed for strong cyber security.

Teachers and other school staff receive regular training about safeguarding children online. In many cases, the same diligence is not applied to cyber security. Staff often need to be educated that habits they may have developed over time are incompatible with effective cyber security. For example, sending school documents to their personal email address so they can work on them at home is an unacceptable risk.

In addition, they may not appreciate the sheer volume of cyber security attacks and have the mentality that it won’t happen to their school. That’s true; it hasn’t happened to their school. Until it does.

The five biggest cyber threats schools face – and how to protect yours

3. Business email compromise

This is a targeted attack where an attacker learns pertinent information about a school and uses it to trick staff into paying money or revealing other private details that can lead to further attacks. They may claim, for example, to be from a supplier that needs payment to a different bank account from normal and offer a plausible reason. They often target a newer member of staff, who may not have the wherewithal to spot the phoney email address or signs of a scam.

These emails contain no links or attachments and can be very difficult to spot for typical software-based protective measures. Sadly money has been stolen from schools, and the resulting police inquiry has brought them unwelcome press attention.

4. Internet of things

It is easy to forget how many objects are connected to the internet or a network of devices and therefore potentially vulnerable to attack. Things like CCTV, cashless catering, kiosks for visitors signing in, etc., all need to be secured. If not, you risk giving attackers control of these devices and providing a possible entry point to access your network. The result of which puts personal information, grades, and exam information, into the cyber criminal’s hands. It’s therefore essential to secure any internet-facing devices.

5. Internal data breaches

As mentioned above, many data breaches in education are caused by human error. For example, accidentally sending an email with sensitive data to the wrong people, losing a USB stick containing sensitive data, sharing sensitive material on social media or unmanaged online file storage. These errors are often caused by people making mistakes because they haven’t had the proper training or are so busy that they fail to check things properly. This can result in compromised sensitive information on staff and students. Certain data breaches must be reported to the Information Commissioners Office (ICO) and can lead to fines and loss of reputation. The fines can be substantial, the ICO recently fined one organisation over £4 million for failing to process data securely.

What can you do to protect your data?

What can you do to protect your data?

While no industry, including education, is ever permanently safe from cyber attacks, there are ways to give your school the best chance of avoiding the threats described above. The cyber security experts at RM recommend these best practices to help you out.


Knowing what is connected to the internet and making sure you change your default passwords on such equipment will make them less vulnerable to attack. RM offers a vulnerability scan that will assess your internet-facing infrastructure and give you clear guidance if there are areas of weakness. You must also have an asset register of all your devices to ensure they are effectively managed, patched and secured.

Failing to install the latest updates or patches for hardware or software installed on devices in school is not the only possible point of entry for a cyber attack. One London school fell victim to ransomware because a content management system web portal had not been updated. As schools use more and more software as a service (SaaS) platforms, they need to be diligent in updating them.


Ensure that you are running up-to-date anti-virus and anti-malware software across your network and devices. Ideally, you should deploy software that uses machine learning to determine when something looks suspicious without relying solely on file signatures or databases of malicious web links.

Schools often use multiple versions of anti-virus and anti-malware software which may create conflicts or reduce protection. This vulnerability can be multiplied across a multi-academy trust. Unless each school is protected by the most up-to-date version of the protection packages, those lagging behind present an opportunity for cyber criminals to gain access to a whole trust’s IT systems.

We can provide a next-generation anti-virus solution such as Trend Micro’s Worry-Free Services Advanced that uses technology to open files and links to websites in a protected area and see if anything malicious happens – it will quarantine files or block websites if it believes that the file is acting suspiciously.

To protect against credential theft, you should consider using multi-factor authentication (MFA), such as the system used in RM Unify. MFA is easy to implement and requires an additional authentication method when you log in to your email or cloud services; this can be through a phone call, text message or even a simple app on your mobile phone.

A good patching routine will also reduce the likelihood of malware being successfully installed. However, if ransomware does find some way of infecting your data, then a sound backup system is vital in recovering from such an attack.

The five biggest cyber threats schools face – and how to protect yours

Train your staff! Maintaining well-trained staff is your number-one defence against cyber crime. A vigilant member of staff can alert you early enough for you to reduce damage and prevent further attacks. In addition, using an internet provider that monitors network traffic going to and from the school, detecting and preventing intrusions in real time.


Think about what you can do to prevent internal data breaches and cyber threats. For example, turn off auto-complete on emails, restrict the use of USB memory sticks, and provide reminders of threats to staff to ensure that cyber security is top of mind in your school.


Plan for a breach – have a process in place so that everyone understands what they need to do should they suffer from a cyber attack and ensure the school has a daily backup routine.

If your school is a member of the DfE’s risk protection arrangement (RPA), it must have a cyber response plan and offline backup arrangements to benefit from its cyber threat protection. If it is not an RPA member implementing similar protocols at your school is still a good idea. Backups should be held entirely offline and not connected to your systems until absolutely necessary. This is to ensure that the backed-up data remains unaffected by any incident that impacts your live systems.

The NCSC has guidance on how and where to hold your backups, including the 3-2-1 hierarchy, and the DfE has published the Risk Protection Arrangement Cyber Response Plan Template.

Security you can trust
Security you can trust

RM is an expert in the field of education technology. We have been providing technology for schools for over fifty. We offer specialist tools and services to help you implement these suggestions and ensure you have the safest IT network and digital learning environment. We have a range of easy to implement checks and audits to identify potential areas of concern or reassure you that your school is well protected. Contact us today to find out how we can ensure your school is resilient against cyber threats.

Contact us today to find out how we can ensure your school is resilient against cyber threats.

Further reading:

back to top button
back to top button