Whilst schools and academies are in many ways unique organisations they do share an important similiarity with businesses, charities, the health service and indeed private individuals. That is, they are potential victimes of cyber crime. Schools are no more and less likely to suffer a cyber attack than any other internet using organisation. The cyber criminal makes no moral distinction between ripping off a multi-million pound plc and a charity; between disrupting the stock market and stopping your exams officer submitting candidate details. In most cases, they are using a scattergun approach - if they fire at enough targets they will inevitably hit some.
What makes a school or academy a more or less likely to suffer a data breach or randsomware attack is the organisation's start of preparedness and its ability to respond in an appropriate manner. And although technical safeguards such as a secure firewall and software updates are important, a lot of a school's defence comes from good organisational practice and awareness raising.
The NCSC (National Cyber Security Centre) and NEN have put together a set of advice and guidance for schools, academies and trusts on how to improve cyber security, how to reduce the risk of data breaches and what to do if the worst happens.
Guidance for Governing Bodies is a short document to help start a converstaion between Governors and senior leadership teams
NEN Cyber Security Advice includes the 'What if' document that provides more detail on how to prepare for and respond to an incident and the 'Cyber Security Checklist' that will help you audit your school's current state of cyber readiness and collate essential information.