Speak to an expert : Live Chat exa online chat

Knowledge HubTMeducation

How to improve your school’s online security

School Security

It may come as a surprise that the education sector is a target for cybercriminals, however when you think about it there is a vast amount of sensitive data stored on school systems which presents an opportunity for those looking to exploit weaknesses. 

Files held by schools can range from names and addresses, attendance records and grades as well as confidential information regarding vulnerable students. As such, this data is extremely valuable and, if obtained by unauthorised sources, can have serious consequences to operations causing a significant amount of down time and labour intensive disaster recovery to re-enable services. Not to forget the safeguarding implications involved in a data breach, such as jeopardising the safety of students, parents and staff as well as causing distress or embarrassment if the information is leaked. 

How to protect your school from cyber attacks

So now you know cyber attacks are prevalent but how do you mitigate them? Here are some tips that will help you defend your network. From reviewing your cyber security policy to managing vulnerabilities and implementing a variety of security solutions, there are many ways you can improve your school’s online security.

Cyber security policy

Reviewing your cyber security policy is a good place to start. Consider whether current practices are compliant with the policy and if procedures are being followed. Also take the time to investigate the latest guidance and update the policy accordingly. 

Make sure you implement the policy correctly to guarantee its effectiveness. Run workshops and training to get staff buy in, explain adoption of the policy isn’t optional and as such must be adhered to. 

Spam emails

Viruses are often spread using mislabeled files – hidden inside downloads or attached to spam emails. You should make sure to verify the sender of the email and the trustworthiness of the attachments or downloads before clicking on anything included in the email.

Spam emails can appear to be from legitimate sources, however there are warning signs to look out for:

  1. Cybercriminals will often imitate popular companies, using a similar logo and seemingly trustworthy email address. However these will usually be slightly different to the official brand.
  2. Does the email include links to unfamiliar websites? Make sure you check where the link actually directs you to (by hovering over, do not click on the link) as the anchor text may seem like a trusted address.
  3. Spam emails are likely to include threats or offers, such as suggesting your account has been compromised, you have been charged for something you never agreed to or offerings of large sums of money, if you click the link included.
  4. You can always check with the company who supposedly sent the email if you are unsure, and they will confirm whether they are the sender or not.
  5. If you receive any spam emails always report them to the company the spammer is imitating, if possible.

Secure passwords

When creating a new account a website will usually give you guidelines on how best to create a secure password, however this may not make the password genuinely secure.

Here’s how to make sure your passwords are as secure as possible:

  1. Try to use different passwords for each account you own. If a cybercriminal gets hold of one of your accounts secure information, then they can easily gain access to any other account with the same password.
  2. It can be common for users to add in numbers or capitals in the place of a letter (e.g. 0 instead of o) however this doesn’t make your password more secure, software that can be used to try and gain access to your account can automatically try each variation on a word.
  3. When creating a secure password we would recommend making a string of a few random words (or letters) and numbers, ensuring this is memorable without using personal information (birthdays, names etc)

Security software

It is important to make sure that your security software is up to date, this will help protect you from attacks and viruses. The two main types of security you should invest in are firewalls and content filtering.

Firewalls are a major part of a security plan, as they prevent unauthorised access to your devices. They act as a barrier between your network and the internet, analysing incoming and outgoing traffic and blocking anything deemed potentially harmful. This is the first line of defence for your system and as such is a key course of action. 

Content filtering services block inappropriate websites which can contain malicious files that can harm your system. This can also prevent certain file types from being downloaded by users, cutting out a major vulnerability. Content filtering also offers reporting functionality, so you will know when attempts to access unauthorised or unsavoury material are made allowing you to take appropriate action.

Your legal responsibilities

As discussed above, data protection is essential for a variety of reasons, not least because it is a requirement by law. The General Data Protection Regulations (GDPR) require that every state funded and private school or nursery, must have at least one named Data Protection Officer (DPO), the responsibility can be shared across multiple staff members. The DPO is accountable for the privacy of all data systems you use and should ensure regulatory compliance. Hefty fines can come the school’s way for non-compliance, so it is important that the DPO understands this and takes this responsibility seriously – doing everything possible to ensure compliance, yet still alert the relevant authorities if a data breach occurs. Key things to ensure GDPR compliance:
  1. Store personal data of students and parents securely and ensure any any third parties who may also handle personal data are GDPR compliant
  2. When sending emails double check the ‘to’ addresses are correct
  3. Keep all software and apps, used in and out of the classroom, updated
  4. Get relevant consent for any pictures of students and have a process in place to dispose of them properly when they leave school.
  5. Perform regular backups. This means you can restore any encrypted information if you are affected by viruses and ransomware.
For more information, you can take a look at the government guidance on GDPR.

Suggested Next Read

Related Knowledge Hub™ Articles

The Exa Foundation

Contact us


Contact us

Is DarkLight connectivity best suited to you?

Dark fibre is perfect if you are looking for a potentially limitless, ultrafast connection with complete flexibility and control.

If you fully rely on the internet, a dark fibre connection could be the best option for you.

Is Leased Line connectivity best suited to you?

Leased Lines are best suited to you if you have high bandwidth requirements and need a reliable, uncontended service.

It is ideal for you if you regularly carry out large uploads and downloads, use cloud based services and a VoIP telephone system as well as video conferencing, for everyday communication.

Is GPON connectivity best suited to you?

GPON is a great choice for you if you need gigabit speeds but don’t need them to be symmetrical. It is becoming more widely available across the UK but may not be immediately available to you yet.

Is Rural Fibre connectivity best suited to you?

If you want to make the move to full fibre, but are based in a rural area, this option is for you.

Is FTTP connectivity best suited to you?

If you have a number of users who use cloud-based applications to upload and download data on a daily basis, but don’t transfer large amounts of data, FTTP might be your best option.

Is Gfast connectivity best suited to you?

If your line cannot support a minimum of 100Mbps, this connection is not for you. Gfast must meet the speed as a minimum. 

If your line meets this need, and you’re looking for an ultrafast, consistent and reliable connection without the hassle and upheaval of construction work – this could be a good fit.

It’s worth noting that Gfast is a stop gap to FTTP, and is not a technology that is likely to be around for a long time.

Is FTTC connectivity best suited to you?

If you need more bandwidth but don’t really need a guaranteed speed, FTTC could be for you. It is widely available throughout the UK, making it suitable as a main connection. As this connection provides higher speeds than ADSL, it is also a good option for a back up to a leased line.

As with ADSL, once the PSTN is turned off in 2025/26, FTTC will become virtually obsolete and at the very least you will require FTTP to remain connected.



Office hours

Monday: 8:30am – 5pm
Tuesday: 8:30am – 5pm
Wednesday: 8:30am – 5pm
Thursday: 8:30am – 5pm
Friday: 8:30am – 5pm
Saturday: Closed
Sunday: Closed


Contact us

Office hours

Monday: 8am – 4pm
Tuesday: 8am – 4pm
Wednesday: 8am – 4pm
Thursday: 8am – 4pm
Friday: 8am – 4pm
Saturday: Closed
Sunday: Closed


Contact us

Office hours

Monday: 8am – 5pm
Tuesday: 8am – 5pm
Wednesday: 8am – 5pm
Thursday: 8am – 5pm
Friday: 8am – 5pm
Saturday: Closed
Sunday: Closed

Is DSL connectivity best suited to you?

DSL connections offer very limited bandwidth so it might be right for you if you typically use the internet for less data-intensive tasks. If you’re sending emails, browsing the web, downloading very small files and working with small amounts of data – you should be fine with DSL.

It is worth noting connections based on copper wire, like DSL, will be switched off in the UK by Openreach, with a phased approach due to begin at the end of 2025. If you don’t have a fibre connection at the moment, you’ll need to upgrade this as well as move to a VoIP telephone system.

Technical Support

Contact us

Office hours

Monday: 8am – 6pm
Tuesday: 8am – 6pm
Wednesday: 8am – 6pm
Thursday: 8am – 6pm
Friday: 8am – 6pm
Saturday: 10am – 4pm
Sunday: 10am – 4pm