Cybersecurity Guidance and Supports

Increasing number of cyberattacks on schools: There are a number of reasons for the increasing number of cyberattacks and cyber-incidents affecting schools. Schools have become highly reliant on digital and online systems, as they manage large amounts of critical  data, including personal data on staff and students/pupils, as well as data relating to teaching and learning. The shift to using digital and online learning has significantly increased the risk, as schools increasingly rely on a range of digital and online tools. As a result, schools have become more ‘attractive’ targets for cybercriminals.

• Data relating to individuals is valuable and is bought and sold for profit by cybercriminals as a commodity on the ‘dark web’.
• Schools don’t see themselves as profitable and attractive targets, however research clearly shows that cyberattacks on schools are rapidly increasing.
• It’s no longer a matter of ‘if’ a school will be attacked or experience a cyber-incident, it’s a matter of ‘when’ and ‘how’.
• Schools have significant quantities of ‘potentially profitable’ data on staff and students/pupils.
• Many users have the same or similar login details to access different school and non-school services. In such cases if an attacker gains access to just one user personal or school account they could then easily gain access to other accounts of that user.
• While cyberattacks are generally perceived as being from external parties, they can also be initiated by an internal school staff member or student.
• Schools generally lack the necessary expertise and resources to implement effective cybersecurity measures, leaving them exposed to increasingly sophisticated attacks from cybercriminals.

These two initial resources are provided to assist schools in raising cybersecurity awareness, and in training their staff and students about cybersecurity, cyber-incidents including typical examples of cyberattacks on schools.

Firstly this slide presentation is an oveview on cyberscurity and can be downloaded from here: 

Secondly this short text based summary document on cybersecurity focuses on the reasons behind increasing levels of threats to schools, and on malware and phishing. It can be downloaded from here: 

We also present two ‘Quick Guides’ from the National Cyber Security Centre (NCSC), on Cybersecurity for Schools  and on Phishing.

Cybersecurity priority areas for schools: For each of the areas listed below we have provided some self-reflection review questions for schools so that they can assess their own cybersecurity readiness against the threats of cyberattack or a data breach.

• Overall School Cybersecurity Policy
• Controlling access to key systems and data
• School network/WiFi security, other systems
• Software and application security updates
• Protecting computing devices
• Data backups and recovery
• Incident response and recovery
• Cybersecurity awareness and training

This document allows schools to review each of these areas in detail and can be downloaded from here:

In this section we provide a school cybersecurity policy template which addresses the seven areas below. Schools can modify and adapt the policy template to address specific details in their own school.

1. Controlling access to key systems and data
2. School network/WiFi security, other systems
3. Software and application security updates
4. Protecting computing devices
5. Data backups and recovery
6. Incident response and recovery
7. Cybersecurity awareness and training

A School Cybersecurity Policy Template, which schools can review and adapt to meet their own circumstances is provided here

A ‘Table of school Roles and Responsibilities’ referred to in the Schools Cybersecurity Policy Template, is provided here:

This resource is provided to raise awareness within the School Leadership Team about cybersecurity, cyber-incidents including typical examples of cyberattacks on schools.

The slide presentation can be downloaded from here: 

Three additional cybersecurity guidance resources are provided to assist schools in adapting the Schools Cybersecurity Policy Template to meet their own specific needs.

Firstly an Authentication/Access Policy Guide and Template is provided. Authentication is a process to ensure that only users with the correct login/access details are allowed to access digital and online schools resources and systems. This guide can be downloaded from here:

Secondly a ‘Cybersecurity Incident Response and Recovery Guide’ is provided to ensure that when a cybersecurity incident or data breach does occur, that the school already has a plan in place outlining how it will respond to the situation. It can be downloaded from here:

Finally a short guide is provided on Cybersecurity Awareness and Training in schools for staff and students/pupils. It can be downloaded from here: 

Frequently Asked Questions (FAQs):  If schools have cybersecurity related questions they can email these to Oide Technology in Education at ictadvice@oide.ie

A new free online course on cybersecurity specifically for School Leadership and Digital Leadership Teams will be available soon. Once it’s available we’ll add the details here: