Website Cookie Policy

We use cookies to give you the best possible online experience. If you continue, we’ll assume you are happy for your web browser to receive all cookies from our website.
See our cookie policy for more information.

Practice Areas

More Information

thepartners@wrigleys.co.uk

Leeds: 0113 244 6100

Sheffield: 0114 267 5588

FOLLOW WRIGLEYS:

School Cyber attacks – know your reporting duties

February 2016

Schools hold large amounts of personal data relating to pupils and staff, which makes them particularly vulnerable to data breaches through hacking.

There have been various reports of organisations being subject to hacking in recent months.  All organisations are at risk of cyber attacks and schools are no exception.

1. Duty to report

Hacking is a form of 'Unauthorised access to computer material' under the Computer Misuse Act 1990, a criminal offence which can be punishable by imprisonment and/or fine where intent can be proven. It is important to bear in mind that hacking isn't just about some computer geek sitting in a dark bedroom late in the night trying to crack code.  Modern hacking is as more likely to be a disgruntled employee or pupil seeking to delete data, change it, or to make it public.

Due to its serious nature, schools should consider reporting concerns of unauthorised access or use to Action Fraud (the UK's national reporting centre for victims of fraud or financially motivated internet crime), to the Information Commissioners Office ('ICO') and to the police. 

2. Prevention is better than the cure

In light of the potential devastating impact of hacking, reputational damage and potential ICO penalties for failing to secure data (up to £500,000 fine for serious cases), schools must take reasonable measures to protected against such circumstances arising including:

  • restricting access to your system to users and sources you trust, with each user having a unique username and password;
  • changing computer passwords on a regular basis and avoiding repeating passwords; 
  • training provided to both pupils and staff on what constitutes 'unauthorised access;' 
  • ensure the same level of security is applied to own devices brought on site and any devices taken off site;
  • ensure you keep computer equipment and software up to date;
  • have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats and ensure these are kept up to date; 
  • have an ICT policy in place to ensure you address risks in a consistent manner and an acceptable use policy stipulating how the schools computer systems should be used;
  • ask your ICT provider to undertake a security audit to the systems containing data to help to identity any vulnerabilities which can be addressed; and 
  • arrange a free ICO advisory visit. The aims of these visits are to provide small, medium sized charities and not for profit organisations with a one day site visit and to provide practical advice on how organisations can improve their data protection practices.

3. Further information and useful contact details

Further guidance on measures that can be implemented to assist with cyber security includes guidance by the ICO and NEN – The Education Network which can be accessed by using the following links:

ICO guidance:  

A practical guide to IT security

NEN – The Education Network guidance:

E-Security: Managing and maintaining e-security/cyber-security in schools

10 steps to protect your school’s network: a guide for school leaders

Government guidance detailing free of charge cyber security programmes and resources available for schools:

Cyber Security - A guide to Programmes and Resources for Schools & Further Education 

 

If you would like to discuss any aspect of this article further, please contact Chris Billington on 0113 244 6100.

You can also keep up to date by following Wrigleys Schools team on Twitter here

The information in this article is necessarily of a general nature. Specific advice should be sought for specific situations. If you have any queries or need any legal advice please feel free to contact Wrigleys Solicitors

 

February 2016

 

Chris Billington View Biography

Chris Billington

Partner
Leeds

10 Oct 2019

Female manager's shoulder massage of male team member was not sexual harassment

EAT upholds tribunal's decision that conduct was unwanted but not related to the claimant's sex

09 Oct 2019

Exciting times in York for community-led housing

There are a number of interesting projects happening in York at the moment, the most high profile of which are:

07 Oct 2019

Extinction Rebellion protests and employment law

What do employers and employees need to know about protests?