How to protect your school from cyber attacks

Get to grips with the steps your school can take to make its IT systems and processes safer and more robust. Download our technical specifications checklist to find out if your school is meeting the DfE's recommended cyber security standards.

Last reviewed on 4 March 2025See updates

School types: All•School phases: All•Ref: 43020

Contents

Understand your school's requirements
Follow these steps to assess the risk
Include cyber incidents in your business continuity plans
Make your school community ‘cyber aware’
Put protection in place
Control access to user accounts
Only use licensed technology
Back up your data
Report cyber attacks
Download our technical requirements checklist

Understand your school's requirements

Preventing and responding to cyber threats is an important part of protecting your school and the large amounts of sensitive personal data it holds.

Your school is responsible for making sure you have the appropriate level of security protection and procedures in place – this is explained in paragraph 147 of Keeping Children Safe in Education (KCSIE) 2024.

Aim to meet the DfE's cyber security standards

This article is a summary of the DfE’s cyber security standards for schools and colleges. It's non-statutory guidance, but meeting the standards will help you feel confident that your school is prepared for a cyber incident.

The checklist at the end of this article includes technical requirements that your digital lead can discuss with your IT support to find out if your school has the right level of protection in place.

The DfE recommends appointing a

Understand your school's requirements

Aim to meet the DfE's cyber security standards

Want to continue reading?