Ransomware Attacks on the Education Sector


Let your partners know immediately of any incident - time is of the essence!

We all read far too frequently that establishments in the education sector have been victims of malicious cyber-attacks, with trends continuing to show an increased and sustained campaign across the sector.

Unfortunately, this situation has now become another “new norm” and we are all working hard to prevent any impact on our systems and operations. It’s also vital to remember the potential impact that a breach could have further downstream with external partners and software providers.

In the event of an incident, time is of the essence for investigation/remediation activities by your IT team, and they will be heavily focused on understanding the nature of the incident, minimising impact, and implementing recovery and restoring operations to core systems.

However, early warning (day 1) notifications to key suppliers are often overlooked due to the nature and damage caused by these attacks on a School or Trust.

This extra step is equally crucial activity - early action by your partners may help prevent wider spread (especially in the case of compromised accounts/credentials).


You should find the following article from the National Cyber Security Centre (NCSC) useful - it provides valuable advice and links into their early warning service to help detect malicious activity.  


**If you're a customer, here at EPM, we would always recommend immediate notification of any incident (BIG or small), so that we can work in partnership to agree on key activities and action plans to further help support you and your teams**

Content expert: Jason Agger, Editor: Annika Guerge


We can support you with your HR, Payroll & Pensions, Safer recruitment, Wellbeing and Health & Safety needs, plus much more. If you would like to find out how we can support your School or Multi-Academy Trust, please get in touch with us at services@epm.co.uk or 01480 431 993