Government Warns Nurseries Over Elevated Cyber-Risk

The government’s National Cyber Security Centre (NCSC) has sent out cyber-security guidance to early years education and childcare programmes for the first time, amidst a higher risk to nurseries and childminders.

The NCSC, a branch of GCHQ, said pre-school education and childcare providers have become an “appealing target” for cyber-attackers as the sector makes increasing use of technology.

The NCSC said such organisations handle sensitive information and process payments, but often lack dedicated IT support.

The bespoke guidance offers tips on how to protect devices and data from cyber-attacks.

‘Practical steps’

“We know that incidents affecting the education sector are increasingly common, so it’s vital that all providers know how to secure their devices and sensitive data,” said Sarah Lyons, NCSC deputy director for economy and society engagement.

“As many early years practitioners work on their own without dedicated IT support, this guidance sets out the practical first steps they can take to protect themselves from cyber incidents.

“By following our advice, they’ll not only be keeping their businesses safe, but will also be keeping those in their care and families safe too.”

The guidance, produced in consultation with major stakeholders, covers the use of strong passwords on devices and accounts, secure communications with families, dealing with suspicious messages and other topics.

It offers advice on reducing cyber-attack risks, as well as recovery from any incidents that may occur.

Tech vulnerability

The NCSC said the four key steps for practitioners are backing up important information, the use of passwords to control access to devices and information, the use of security software to protect against viruses and malware, and dealing with suspicious messages – a common trigger for systems breaches.

“Cyber-criminals will go after anybody, provided there’s money to be made,” the NCSC says in its advice.

“It is paramount that early years settings have robust cyber security in place to help them communicate with children, families and staff delivering early education and childcare provision safely,” said children and families minister Vicky Ford.

“Like most professions, the early years sector is increasingly reliant on technology and this new guidance will support them with protecting sensitive data and minimising the risk and detriments of a cyber security incident.

Resilience

“Education settings are directly responsible for their own security and data protection so I encourage all early years providers to take steps to improve their resilience online.”

The NCSC’s website already offers guidance for other educational settings including questions for schools’ governing bodies looking to reduce cyber risks, information cards for school staff and advice for securing home learning.

The Covid-19 pandemic has led to a huge rise in the use of technology across many sectors, and a corresponding rise in cyber-crime, authorities say.

Covid-19 vaccine research has itself been one of the targets of such attacks, with Oxford University confirming an incident in February that targeted a biology lab carrying out anti-coronavirus studies.