One in three schools hit by fraudsters impersonating staff emails

Schools have been warned they face particular cyber-security risks on exam and results days

Schools have been warned they face particular cyber-security risks on exam and results days

17 Jan 2023, 5:00

More from this author

More than a third of schools polled across England have been hit by fraudsters impersonating their emails, according to a new survey.

The government’s National Cyber Security Centre and the charity National Grid for Learning (LGfL) also warned cyber-attacks “can be expected to coincide with public examinations” or results days — with hackers betting ransoms are more likely to be paid at critical periods.

Their latest school audit report warns schools must show “vigilance” as they are at “particular risk from cyber-criminals”.

More than three-quarters of UK schools surveyed had experienced some form of cyber-security breach or incident, suggesting all schools should assume they will face an attack – and “this could be tomorrow”.

Earlier this month the BBC reported a hacking group had leaked highly confidential documents from 14 schools, while last month Dixons Academies Trust revealed a cyber-incident had caused “some disruption”,

Data leaks and email fraud on the rise

Their poll of 805 schools across the UK last year found:

  • Some 26 per cent of UK schools had seen people impersonate their emails, up from 20 per cent in a smaller 2019 poll. The 2022 figure was for so-called “spoofing” was even higher in England at 38 per cent. LGfL called it a “worrying trend” given most ransomware attacks occur via email.
  • More schools reported staff had been sent fraudulent emails, or been directed to fraudulent websites. Such issues were again most prevalent among English schools responding, at 87 per cent.
  • Seven per cent of UK schools had previously been “significantly disrupted” by cyber-attacks, with 42 per cent taking at least a week to recover. LGfL noted this “represents potentially tens of thousands of pupils”, affecting teaching, exams or systems keeping children safe.
  • Around one in five respondents had experienced periods without access to important information, and the same reported suffering malware or ransomware attacks.
  • The percentage reporting confidential information held online had been leaked more than doubled to 7 per cent between 2019 and 2022.

Cyber-security a ‘Rubik’s cube’ for schools

Sarah Lyons, director for economy and society at NCSC, part of GCHQ, said: “Our schools rely so much on the myriad of data required to run efficiently – including sensitive data on students, parents, governors and staff – therefore more work must be done to support the cyber security around these essential services.”

LGfL’s cyber-security lead Mark Bentley said IT safety could “feel like a Rubik’s cube” for schools, as every week “seems to bring new threats”.

He also said recruiting qualified experts was a “significant challenge and an additional expense”, but schools could still “do a lot” and recommended staying on top of the latest advice.

Only half have cyber-attack contingency plans

The report found 49 per cent of UK schools had contingency or continuity plans covering cyber-attacks, but 30 per cent did not. The rest were “unsure”.

Only 53 per cent of schools said they felt “prepared” for a cyber-attack, but it marked a slight increase on 2019. Awareness of phishing, and the extent of training for non-IT staff, also improved.

LGfL said that while most schools had effective antivirus solutions, “all too frequently schools sign up…but don’t active all its features or install it on all devices”.

One in four respondents said they did not use multi-factor authentication to safeguard online accounts, and the same proportion did not limit staff access to USBs that risk compromising systems. Four per cent said they had no back-up facilities.

More from this theme


Hinds says ‘all schools’ restrict phones, and 5 more key findings

Schools minister also says the 'option' of statutory mobile phone guidance remains

Freddie Whittaker

CST calls for policy changes over ‘unsustainable’ parent complaints

Academy body says rise in complaints is putting 'significant pressure on school leaders’

Jack Dyson

Poverty: Trusts spend six-figure sums to support ‘crisis’ families

News comes amid calls for chancellor Jeremy Hunt to hand out more education cash in next week's budget

Jack Dyson

Heads and teachers working longer despite workload push

Key government workforce survey reveals longer working weeks, less job satisfaction and more anxiety

Samantha Booth

Number of children ‘missing education’ rises a quarter

117,000 children were not registered at a school and not receiving a suitable education elsewhere at some point last...

Freddie Whittaker

‘Elite’ Star and Eton sixth forms reveal ‘clearing house’ careers role

Partnership between academy trust and top private school also opens new 'think and do' tank

Schools Week Reporter

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *