How to protect your school from cyber attacks

Get to grips with the steps your school can take to make its IT systems and processes safer and more robust. Download our technical specifications checklist to find out if your school is meeting the DfE's recommended cyber security standards.

Last reviewed on 4 March 2025See updates
School types: AllSchool phases: AllRef: 43020
Contents
  1. Understand your school's requirements
  2. Follow these steps to assess the risk
  3. Include cyber incidents in your business continuity plans
  4. Make your school community ‘cyber aware’
  5. Put protection in place
  6. Control access to user accounts
  7. Only use licensed technology
  8. Back up your data
  9. Report cyber attacks
  10. Download our technical requirements checklist

Understand your school's requirements

Preventing and responding to cyber threats is an important part of protecting your school and the large amounts of sensitive personal data it holds.

Your school is responsible for making sure you have the appropriate level of security protection and procedures in place – this is explained in paragraph 147 of Keeping Children Safe in Education (KCSIE) 2024.

Aim to meet the DfE's cyber security standards

This article is a summary of the DfE’s cyber security standards for schools and colleges. It's non-statutory guidance, but meeting the standards will help you feel confident that your school is prepared for a cyber incident.

The checklist at the end of this article includes technical requirements that your digital lead can discuss with your IT support to find out if your school has the right level of protection in place.

The DfE recommends appointing a