Cybersecurity – What If?


This guidance document is for schools and academies and was updated in June 2020.



This guidance document should be read in conjunction with the NEN’s Cyber Security Guidance which outlines the online threats schools face and provides guidance on what can be done to reduce the risk of becoming a victim.

Here we chiefly discuss what to do if you find yourself caught up in a cyber incident.

Any school can fall victim to a cyber incident regardless of its size. Schools are perceived to be soft targets due to the low levels of cyber security some of them employ. They also hold sensitive personal data on staff, pupils and parents that can be valuable to attackers, and have financial assets and processes that can be exploited by criminals to steal money.

Their networks are also used by many different users and devices, including pupils who might wish to look for a readymade network to practice their cyber skills on.

A school may also suffer an incident where they are not the explicit target but are just caught up in a more generalised, non-targeted attack (e.g. DDoS or ransomware) or because they are using a particular piece of vulnerable technology.

Download Guidance as pdf

Download cybersecurity Checkist as pdf