Website Cookie Policy

We use cookies to give you the best possible online experience. If you continue, we’ll assume you are happy for your web browser to receive all cookies from our website.
See our cookie policy for more information.

Practice Areas

More Information

Leeds: 0113 244 6100

Sheffield: 0114 267 5588


Send us an enquiry

School Cyber attacks – know your reporting duties

11 February 2016

Schools hold large amounts of personal data relating to pupils and staff, which makes them particularly vulnerable to data breaches through hacking.

There have been various reports of organisations being subject to hacking in recent months.  All organisations are at risk of cyber attacks and schools are no exception.

1. Duty to report

Hacking is a form of 'Unauthorised access to computer material' under the Computer Misuse Act 1990, a criminal offence which can be punishable by imprisonment and/or fine where intent can be proven. It is important to bear in mind that hacking isn't just about some computer geek sitting in a dark bedroom late in the night trying to crack code.  Modern hacking is as more likely to be a disgruntled employee or pupil seeking to delete data, change it, or to make it public.

Due to its serious nature, schools should consider reporting concerns of unauthorised access or use to Action Fraud (the UK's national reporting centre for victims of fraud or financially motivated internet crime), to the Information Commissioners Office ('ICO') and to the police. 

2. Prevention is better than the cure

In light of the potential devastating impact of hacking, reputational damage and potential ICO penalties for failing to secure data (up to £500,000 fine for serious cases), schools must take reasonable measures to protected against such circumstances arising including:

  • restricting access to your system to users and sources you trust, with each user having a unique username and password;
  • changing computer passwords on a regular basis and avoiding repeating passwords; 
  • training provided to both pupils and staff on what constitutes 'unauthorised access;' 
  • ensure the same level of security is applied to own devices brought on site and any devices taken off site;
  • ensure you keep computer equipment and software up to date;
  • have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats and ensure these are kept up to date; 
  • have an ICT policy in place to ensure you address risks in a consistent manner and an acceptable use policy stipulating how the schools computer systems should be used;
  • ask your ICT provider to undertake a security audit to the systems containing data to help to identity any vulnerabilities which can be addressed; and 
  • arrange a free ICO advisory visit. The aims of these visits are to provide small, medium sized charities and not for profit organisations with a one day site visit and to provide practical advice on how organisations can improve their data protection practices.

3. Further information and useful contact details

Further guidance on measures that can be implemented to assist with cyber security includes guidance by the ICO and NEN – The Education Network which can be accessed by using the following links:

ICO guidance:  

A practical guide to IT security

NEN – The Education Network guidance:

E-Security: Managing and maintaining e-security/cyber-security in schools

10 steps to protect your school’s network: a guide for school leaders

Government guidance detailing free of charge cyber security programmes and resources available for schools:

Cyber Security - A guide to Programmes and Resources for Schools & Further Education 


If you would like to discuss any aspect of this article further, please contact Chris Billington on 0113 244 6100.

You can also keep up to date by following Wrigleys Schools team on Twitter here

The information in this article is necessarily of a general nature. Specific advice should be sought for specific situations. If you have any queries or need any legal advice please feel free to contact Wrigleys Solicitors


February 2016


Chris Billington View Biography

Chris Billington


20 Jun 2024

Election Manifestos and Employment Law – What to Expect?

As the election on 4 July nears, political parties have released their manifestos, including outlines of their proposals to employment law and work.

18 Jun 2024

General Election 2024 – The Education Pledges of the Party Manifestos

We look at the key policies of the main political parties for schools and academy trusts.

11 Jun 2024

Elizabeth Wilson and Jon Lee share their reflections on our Faith in Affordable Housing event held in partnership with Housing Justice

We held an event on 22nd May to celebrate our legal guide for land disposal by Parochial Church Councils.