The SEROCU (South East Organised Crime Unit) has advised schools across Surrey and Sussex to be aware of a rise in M365 phishing emails.

We've had a few questions recently about parents and students recording conversations with members of staff, both covertly or overtly without seeking permission. This article only covers recordings made by external individuals, not organisations or individuals acting on behalf of an organisation.

The DfE previously issued training and guidance about the use of AI in Education - this has now changed to standards.  Standards define minimum requirements that must be met, whereas a guideline offers recommended best practice or advice. The standards outline the safety standards that generative AI products and systems should meet to be used in educational settings.

Finding the right IT partner and support provider is a big decision.  Due diligence for IT Support isn't just about who can 'fix computers', it's about ensuring standards are followed and they work with you to meet your organisation's strategy. Data Protection Education has a DfE IT Support Tracker and Supplier Due Diligence Directory to provide support and guidance as well as tracking your progress.

The Government Cyber Action Plan, published in January 2026, sets out a radical shift in how the UK public sector manages cyber security and digital resilience. It moves away from fragmented, siloed defences toward a "Defend as One" model led by a new Government Cyber Unit within the Department for Science, Innovation and Technology (DSIT).

NUNEATON, January 7, 2026 — Higham Lane School in Nuneaton has been forced to remain closed this week following a "significant" cyber attack that has crippled its entire digital infrastructure. The incident, which was discovered over the weekend just as students were set to return from the Christmas break, has left approximately 1,500 pupils unable to attend classes.

The DfE Technology in Schools survey: 2024 to 2025 was published this week. We give our views on the results:

The government has announced an additional Digital Standard to help with planning, commissioning and reviewing their IT support services.  The services can be internal, external or a hybrid.  Effective IT support is essential for maintaining technology, planning improvements and mitigating risks like outages and cyber incidents, and sits alongside the other 11 standards.

The ICO has published some updated guidance for people and organisations who work in the education sector with children and young people under 18.  The idea of the guidance is to help organisations feel confident to share personal information for safeguarding purposes.

As Cyber Security Awareness Month draws to a close, it's important to recognise that cybersecurity isn't a destination; it's a continuous journey. For organisations, particularly those in the education sector, this journey often involves working towards recognised standards and certifications. In the UK, Cyber Essentials and Cyber Essentials Plus are government-backed schemes designed to help organisations protect themselves against common cyber threats. For schools, the Department for Educat

Understanding where to get help for cyber resilience and in the event of a cyber attack is crucial for both individuals and organisations.  The good news is that there is help and guidance available!

Administrator accounts (often called "privileged accounts") are the most powerful and, so, the most sought-after targets for cybercriminals. These accounts hold the "keys to the kingdom," possessing extensive permissions to configure systems, access sensitive data, manage users, and make critical changes across an entire network or application. A single compromised admin account can lead to a catastrophic data breach, widespread system paralysis, or complete organisational takeover by attacke