Cybersecurity Incident Response for Schools

Posted 24th April 2025

Cyber-attacks on educational institutions are escalating, with UK schools experiencing a significant rise in incidents. In 2023 alone, there were 354 reported cases in the education and childcare sector, up from 224 the previous year.

Immediate Response to a Cyber-Attack

Containment and Investigation

  • Notify Relevant Authorities: Contact organisations such as Action Fraud, the Information Commissioner's Office (ICO), and cyber insurance providers to initiate investigations.
  • Contain the Breach: Work with your IT team to isolate affected systems and prevent further unauthorised access.

Risk Assessment

  • Identify Affected Data: Determine what data has been compromised, focusing on its nature and sensitivity.
  • Assess Legal Obligations: Evaluate whether the ICO and affected individuals must be informed, based on the level of risk.

Notification and Reporting

  • Prepare Breach Report: Complete the ICO's breach reporting form with accurate information.
  • Communicate with Stakeholders: Inform affected parties and handle any correspondence with the ICO, addressing potential enforcement actions.

Post-Incident Evaluation and Response

  • Implement Preventative Measures: Review findings from forensic investigations to strengthen data protection strategies.
  • Provide Training: Offer tailored cybersecurity training to staff to mitigate future risks.
  • Manage Communications: Assist with responses to affected individuals and handle any complaints or Subject Access Requests (SARs) that may arise.

Preventative and Ongoing Support

  • Cybersecurity eLearning Module: Provide staff with training on best practices, maintaining records for accountability.
  • Annual Audits: Conduct comprehensive assessments of cybersecurity practices, offering recommendations for improvement.
  • Policy Templates: Supply templates for Cyber Security and Data Breach Policies, outlining recommended procedures.

Essential Information for Data Protection Officers (DPOs)

To effectively manage a cyber-attack, DPOs should gather the following information:

  • Date of the cyber-attack and its discovery.
  • Cause of the attack.
  • Details of affected data.
  • Containment status.
  • Data recovery expectations.
  • Organisations informed (e.g., police, Action Fraud, ICO).
  • Notifications sent to data subjects and any received complaints.


You can find information regarding our Data Protection Officer (DPO) service here.

Jedu is Judicium's online GDPR compliance tracking software for schools. Our platform is suitable for single schools through to large MATs and is designed to assist schools with two critical needs: enabling trustees, governors and other SLT to monitor GDPR compliance, and assisting you in managing your data protection.

If you would like more information on how we can support you, or more information regarding Jedu, please get in touch with us.

If you require any support with any of these steps, or would like to talk to someone about support for your school, please do not hesitate to call us on 0345 548 7000 or email georgina.decosta@judicium.com.


© This content is the exclusive property of Judicium Education. The works are intended to provide an overview of the sofa session you attend and/or to be a learning aid to assist you and your school. However, any redistribution or reproduction of part or all of the contents in any form is prohibited. You may not, except with our express written permission, distribute or exploit the content. Failure to follow this guidance may result in Judicium preventing you from accessing our sessions and/or follow-up content.
