
How to improve your school’s online security

School Security

It may come as a surprise that the education sector is a target for cybercriminals. However, school systems store a vast amount of sensitive data, which presents an opportunity for those looking to exploit weaknesses.

Files held by schools range from names and addresses, attendance records and grades to confidential information about vulnerable students. This data is extremely valuable and, if obtained by unauthorised parties, can have serious consequences for operations, causing significant downtime and labour-intensive disaster recovery to restore services. There are also the safeguarding implications of a data breach, such as jeopardising the safety of students, parents and staff, and causing distress or embarrassment if the information is leaked.

How to protect your school from cyber attacks

So now you know cyber attacks are prevalent, but how do you mitigate them? Here are some tips that will help you defend your network. From reviewing your cyber security policy to managing vulnerabilities and implementing a variety of security solutions, there are many ways you can improve your school’s online security.

Cyber security policy

Reviewing your cyber security policy is a good place to start. Consider whether current practices comply with the policy and whether procedures are being followed. Also take the time to investigate the latest guidance and update the policy accordingly.

Make sure you implement the policy correctly to guarantee its effectiveness. Run workshops and training to get staff buy-in, and explain that adopting the policy isn’t optional and that it must be adhered to.

Spam emails

Viruses are often spread using mislabelled files, hidden inside downloads or attached to spam emails. Verify the sender of the email and the trustworthiness of any attachments or downloads before clicking on anything included in the email.

Spam emails can appear to be from legitimate sources, but there are warning signs to look out for:

  1. Cybercriminals will often imitate popular companies, using a similar logo and a seemingly trustworthy email address. However, these will usually be slightly different from the official brand.
  2. Does the email include links to unfamiliar websites? Check where the link actually directs you (by hovering over the link, not clicking on it), as the anchor text may look like a trusted address.
  3. Spam emails are likely to include threats or offers, such as suggesting your account has been compromised, claiming you have been charged for something you never agreed to, or offering large sums of money if you click the link included.
  4. If you are unsure, you can always check with the company that supposedly sent the email, and they will confirm whether or not they are the sender.
  5. If you receive any spam emails, always report them to the company the spammer is imitating, if possible.
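The hover check in point 2 can also be automated for HTML emails. The following is an added example, not part of the original article: it flags links whose visible text names one host while the underlying `href` points at another. The sample email and all host names in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Matches a host name such as "www.example-bank.test" inside visible link text.
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def mismatched_links(html_body):
    """Return (host shown in text, host in href) for links where they disagree."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        shown = DOMAIN_RE.search(text)
        actual = urlparse(href).hostname
        if not shown or not actual:
            continue  # text such as "Click here", or a mailto:/relative link
        shown, actual = strip_www(shown.group(1)), strip_www(actual)
        # A genuine subdomain of the shown host is fine; anything else is flagged.
        if actual != shown and not actual.endswith("." + shown):
            flagged.append((shown, actual))
    return flagged

# Constructed sample email body.
SAMPLE = """<p>Your account has been compromised.
<a href="http://example-bank.test.account-verify.example/login">www.example-bank.test</a></p>
<p><a href="https://www.example-school.test/term-dates">example-school.test/term-dates</a></p>
<p><a href="https://news.example-school.test/">Click here</a></p>"""
```

Links with generic text such as "Click here" are not flagged by this check, so they still need the manual hover test.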

Secure passwords

When you create a new account, a website will usually give you guidelines on how best to create a secure password. However, following them may not make the password genuinely secure.

Here’s how to make sure your passwords are as secure as possible:

  1. Use a password manager. It can generate unique, hard-to-hack passwords for you and make managing your passwords easier.
  2. If you are not using a password manager, try to use a different password for each account you own. If a cybercriminal gets hold of the login details for one of your accounts, they can easily gain access to any other account with the same password.
  3. It is common for users to swap a letter for a number or a capital (e.g. 0 instead of o), but this doesn’t make your password more secure: software used to try to gain access to your account can automatically try each variation on a word.
  4. When creating a secure password, we would recommend making a string of a few random words (or letters) and numbers, ensuring it is memorable without using personal information (birthdays, names etc.).

For more in-depth information on best practice when it comes to creating passwords, check out our blog here: World Password Day 2024
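Points 3 and 4 can be illustrated together. The following is an added example, not part of the original article: it shows how character swaps collapse back to a common word under simple normalisation, and how to build a passphrase from randomly chosen words and a number. The substitution table, `COMMON` set and `WORDS` list are small constructed samples; a real generator would draw from a list of several thousand words.

```python
import math
import secrets

# Character swaps that guessing software undoes automatically (constructed subset).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

COMMON = {"password", "school", "teacher", "welcome"}  # constructed sample

# Constructed sample word list; far too short for real use.
WORDS = ["copper", "lantern", "orbit", "meadow", "violin", "harbour", "pepper", "glacier"]

def is_disguised_common_word(password):
    """True if undoing case, swaps and a trailing number/symbol yields a common word."""
    lowered = password.lower()
    candidates = {
        lowered.translate(LEET),
        lowered.rstrip("0123456789!?.").translate(LEET),
    }
    return bool(candidates & COMMON)

def passphrase(wordlist, words=4):
    """Random words plus a two-digit number, chosen with a CSPRNG."""
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    return "-".join(chosen) + "-" + str(secrets.randbelow(100))

def entropy_bits(wordlist_size, words=4):
    """Guessing entropy of passphrase(): words * log2(list size) + log2(100)."""
    return words * math.log2(wordlist_size) + math.log2(100)

if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Welc0m3", "Sch00l2024"):
        print(pw, "-> disguised common word:", is_disguised_common_word(pw))
    print("example passphrase:", passphrase(WORDS))
    print("bits with this 8-word sample list:", round(entropy_bits(len(WORDS)), 1))
    print("bits with a 7776-word list:", round(entropy_bits(7776), 1))
```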

Security software

It is important to make sure that your security software is up to date, as this will help protect you from attacks and viruses. The two main types of security you should invest in are firewalls and content filtering.

Firewalls are a major part of a security plan, as they prevent unauthorised access to your devices. They act as a barrier between your network and the internet, analysing incoming and outgoing traffic and blocking anything deemed potentially harmful. This is the first line of defence for your system and as such is a key course of action.

Content filtering services block inappropriate websites, which can contain malicious files that can harm your system. They can also prevent certain file types from being downloaded by users, cutting out a major vulnerability. Content filtering also offers reporting functionality, so you will know when attempts are made to access unauthorised or unsavoury material, allowing you to take appropriate action.

Your legal responsibilities

As discussed above, data protection is essential for a variety of reasons, not least because it is a requirement by law. The General Data Protection Regulation (GDPR) requires that every state-funded and private school or nursery must have at least one named Data Protection Officer (DPO); the responsibility can be shared across multiple staff members. The DPO is accountable for the privacy of all data systems you use and should ensure regulatory compliance. Hefty fines can come the school’s way for non-compliance, so it is important that the DPO understands this and takes this responsibility seriously, doing everything possible to ensure compliance while still alerting the relevant authorities if a data breach occurs.

Key things to ensure GDPR compliance:

  1. Store personal data of students and parents securely, and ensure any third parties who may also handle personal data are GDPR compliant.
  2. When sending emails, double-check that the ‘to’ addresses are correct.
  3. Keep all software and apps, used in and out of the classroom, updated.
  4. Get relevant consent for any pictures of students and have a process in place to dispose of them properly when they leave school.
  5. Perform regular backups. This means you can restore any encrypted information if you are affected by viruses and ransomware.

For more information, you can take a look at the government guidance on GDPR.
