Website Cookie Policy

We use cookies to give you the best possible online experience. If you continue, we’ll assume you are happy for your web browser to receive all cookies from our website.
See our cookie policy for more information.

Practice Areas

More Information

thepartners@wrigleys.co.uk

Leeds: 0113 244 6100

Sheffield: 0114 267 5588

FOLLOW WRIGLEYS:

School Cyber attacks – know your reporting duties

February 2016

Schools hold large amounts of personal data relating to pupils and staff, which makes them particularly vulnerable to data breaches through hacking.

There have been various reports of organisations being subject to hacking in recent months.  All organisations are at risk of cyber attacks and schools are no exception.

1. Duty to report

Hacking is a form of 'Unauthorised access to computer material' under the Computer Misuse Act 1990, a criminal offence which can be punishable by imprisonment and/or fine where intent can be proven. It is important to bear in mind that hacking isn't just about some computer geek sitting in a dark bedroom late in the night trying to crack code.  Modern hacking is as more likely to be a disgruntled employee or pupil seeking to delete data, change it, or to make it public.

Due to its serious nature, schools should consider reporting concerns of unauthorised access or use to Action Fraud (the UK's national reporting centre for victims of fraud or financially motivated internet crime), to the Information Commissioners Office ('ICO') and to the police. 

2. Prevention is better than the cure

In light of the potential devastating impact of hacking, reputational damage and potential ICO penalties for failing to secure data (up to £500,000 fine for serious cases), schools must take reasonable measures to protected against such circumstances arising including:

  • restricting access to your system to users and sources you trust, with each user having a unique username and password;
  • changing computer passwords on a regular basis and avoiding repeating passwords; 
  • training provided to both pupils and staff on what constitutes 'unauthorised access;' 
  • ensure the same level of security is applied to own devices brought on site and any devices taken off site;
  • ensure you keep computer equipment and software up to date;
  • have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats and ensure these are kept up to date; 
  • have an ICT policy in place to ensure you address risks in a consistent manner and an acceptable use policy stipulating how the schools computer systems should be used;
  • ask your ICT provider to undertake a security audit to the systems containing data to help to identity any vulnerabilities which can be addressed; and 
  • arrange a free ICO advisory visit. The aims of these visits are to provide small, medium sized charities and not for profit organisations with a one day site visit and to provide practical advice on how organisations can improve their data protection practices.

3. Further information and useful contact details

Further guidance on measures that can be implemented to assist with cyber security includes guidance by the ICO and NEN – The Education Network which can be accessed by using the following links:

ICO guidance:  

A practical guide to IT security

NEN – The Education Network guidance:

E-Security: Managing and maintaining e-security/cyber-security in schools

10 steps to protect your school’s network: a guide for school leaders

Government guidance detailing free of charge cyber security programmes and resources available for schools:

Cyber Security - A guide to Programmes and Resources for Schools & Further Education 

 

If you would like to discuss any aspect of this article further, please contact Chris Billington on 0113 244 6100.

You can also keep up to date by following Wrigleys Schools team on Twitter here

The information in this article is necessarily of a general nature. Specific advice should be sought for specific situations. If you have any queries or need any legal advice please feel free to contact Wrigleys Solicitors

 

February 2016

 

Chris Billington View Biography

Chris Billington

Partner
Leeds

19 Aug 2019

Was an employer vicariously liable for workplace harassment via social media?

EAT provides useful guidance on a developing area of potential liability for employers.

14 Aug 2019

Changes to Companies House register help protect health and safety of individuals by restricting public access to personal information

This is helpful for persons who may be at risk of personal threat of harm because of their public profile or sensitive occupation.

12 Aug 2019

Charities expert joins successful team to grow Wrigleys' presence in the sector

Fiona Wharton joins the top tier Charities and Social Economy team.