We are seeing a large volume of cyber-criminal activity across the UK, with a significant focus on the education sector.

With this in mind, we recommend that you confirm that the following information and details are in place for your school. Some of the critical areas these criminals use to gain access to your school are listed below:

Remote access

Attackers frequently target organisations’ networks through remote access systems such as remote desktop protocol (RDP) and virtual private networks (VPN). They regularly exploit:

  • Weak Passwords
  • Lack of Multi-Factor Authentication (MFA)
  • Unpatched Vulnerabilities in software


Frequently cyber-criminal use Emails to deploy ransomware. These emails encourage users to open a malicious file or click on a malicious link that hosts the malware. Only click on links or open attachments in an email if you know the sender.

Other vulnerable software or hardware

Ransomware attackers have commonly used unpatched or unsecured devices as an easy route into networks. For example, Microsoft reported that cybercriminals had exploited vulnerabilities in Microsoft Exchange Servers to install ransomware on a network.

Things for your School to Check

Are you Patched? When was the last time your pc or laptop said? Please wait, loading windows updates; this should be at least every week. Check with your ICT provider and ask if all my servers and devices are updated.

Most importantly, do you have a complete backup of all the school data and devices? In the event that you need to undergo a “disaster recovery” you will need the full backup to restore your data and devices.

National Cyber Security Centre