Practical Guides
Essential Reading
The Complete School Cybersecurity Guide
NCSC: 32 significant cyberattacks on UK education in 2020. Harris Federation: 50 schools offline for weeks. Lincoln College: ransomware contributed to permanent closure. UK schools are targets.
Incident Response for Schools
The first hours of a cyberattack are decisive — schools with a practiced incident response plan contain incidents faster and recover sooner. Most UK schools have no tested plan.
GDPR Data Protection Guide for Schools
ICO investigations of UK schools have involved inadequate security, unlawful CCTV, failure to report breaches, and missing Data Processing Agreements with EdTech vendors.
Further Reading
EdTech Vendor Due Diligence
MOVEit 2023, Pearson 2018, Capita 2023 — three major supply chain breaches affecting education data. Schools remain accountable for data shared with EdTech vendors under UK GDPR.
Cyber Essentials Accreditation Guide for Schools
Cyber Essentials certification — the NCSC's baseline security scheme — is the foundation of the DfE Cyber Security Standards and increasingly required by cyber insurers as a condition of cover.