School IT Blog

10 top tips to improve Cyber Security in your school!

Wed 21 July, 2021

10 top tips to improve Cyber Security in your school!

Cybersecurity is so important in the modern age of technology and its use in schools. Here are some tips on how you as a school you could improve your cybersecurity.

1. Establish a strong online perimeter and ensure that ownership is taken by senior team members

Cybersecurity and online safety should be taken just as seriously as any other form of safety. They should be discussed regularly with school governors and at leadership team meetings. Appropriate policies should be implemented and enforced by the senior leadership team itself. By doing this it ensures that the schools start in the correct direction!

Schools should then establish strong boundary firewalls and internet gateways to protect school networks from cyber-attacks, unauthorised access, and malicious content. Cybersecurity controls should be monitored constantly and tested regularly. These are so important when preventing people outside of the school from being able to access schools’ systems

2. Update content filters, constantly

People are usually the weakest link in organisations, it’s the lack of updates and money spent on the protection that can cost schools in terms of cyber safety. In schools, there are many young internet users with curious minds that need extra protection. Content filtering systems need to be updated constantly as tech-savvy students are capable of creating new ways to get around filters with incredible speed.

3. Establish solid access control policies

Schools should establish effective processes for managing user privileges to their systems to minimise the risk of deliberate and accidental attacks. Users should be provided with the minimum level of access they need to do their job. When staff members leave the school, their access should be revoked promptly. All records should be kept up to date to prevent the exploitation of old accounts.

4. Check third party providers thoroughly

Schools should ensure they check through thoroughly all third-party platform providers used to ensure their approaches to security and safety are at least as stringent as their own. Access to students, parents and guardians should be granted by teachers themselves using email addresses provided in person.

5. Ensure secure configuration and patch management

Schools should know precisely what hardware and software are being used on their networks and ensure configuration changes are authorised, documented and implemented appropriately. Devices should be set up so that only approved users can make changes. Software updates and security patches should be implemented quickly when released by manufacturers.

6. Monitoring and incident management

Schools must monitor all of their systems continuously and analyse them for unusual activity that could indicate an attack. Criminal incidents should be reported to the police and other relevant authorities.

7. Invest in cybersecurity and online safety education

The Department for Education requires that students are taught about online safety as part of safeguarding for schools. They should ensure that members of staff understand the risks and their own security policies covering acceptable and secure use of systems. There should be regular sessions to ensure staff and students are aware of new phishing or spoof email attacks.

8. Don’t forget about physical security

Schools should maintain cybersecurity defences that are appropriate to the importance and sensitivity of the systems and data requiring protection. Planning for these should include the physical security of hard drives, internet routers, servers and other devices on which data can be stored. School equipment is targeted by thieves, especially in the school holidays, so any device holding sensitive data should be encrypted.

9. Consider personal devices

Schools should have clear policies around mobile technology and how it is used on their premises. Students should be taught about acceptable use of their personal devices, how they interact with each other on social media and where to turn for help.

When staff are working from home, they should be provided with IT equipment that’s for work use only and is not to be shared with other household members.

10. Use of VPN (Virtual private network)

When staff are working from home, VPNs should be used to ensure that data being sent back and forth to the school’s network is encrypted, meaning that even if it were to be intercepted it would be indecipherable.


Pupil safeguarding issues need to be dealt with sensitively, which often means that a voice conversation is more suitable than speaking via email. For example, if a cyber-attack does happen it needs to be dealt with sensitively and in the correct manner.

However, staff calling pupils and their family members from their personal phones creates another safeguarding issue. Putting in place a cloud-hosted telephone system can mitigate this problem as phone calls can be made from diverse locations and devices whilst presenting the school’s telephone number. Call recording can also be a useful feature here but call recordings must be treated with the same sensitivity as other personal data. All of these steps prevent misunderstanding and misinterpretations can be dealt with correctly.

Hopefully, these tops tips can help you and your school in the aim to improve its cybersecurity. For any more help or guidance don’t be afraid to get in touch today.