Nurseries and Childminders are an appealing target for Cyber-attackers

The National Cyber Security Centre (NCSC) has warned that pre-school providers and childminders are "increasingly relying on technology to operate" and have become an "appealing target" for cyber-attacks.

Speaking to the BBC, Sarah Lyons said that "incidents affecting the education sector are increasingly common," the NCSC (part of GCHQ) has responded with new Early Years practitioners guidance to help protect personal information and data.

Education at all age groups has become a significant target for cyber-attacks.

Why does cybersecurity matter for Early Years practitioners?

For Early Years practitioners, good cybersecurity focuses on protecting the personal or sensitive information that is held on children and their families. National Early Years legislation and advice and the Data Protection Act require early years practitioners to hold confidential information and records about both staff and children securely, and these records should only be accessed by those who have a right or professional need to see them (physically or digitally/online).

Regardless of the size and nature of your business, the information that you hold is of value to a criminal. Whilst cyber-criminals often won't be targeting your business directly, it's all too easy to be damaged by clicking on a scam email that cybercriminals are sending out indiscriminately to millions of businesses.

Cybercriminals can affect your services through; data breaches, temporary shutdown of your office and reputational damage with the families who put their trust in you.

Whilst this may alarm you, there's no need to panic. The newly released guidance from the NCSC has been produced to help you protect the data and devices you use. The guidance can help you save time, money and your business's reputation.

Even if you think you're not at risk, please take some time to read the guidance.

Four steps to reduce the likelihood of becoming a victim;

  1. Back up your most important information What information is the most important to you? Make sure you have a backup copy on a USB stick, an external hard drive, or in the cloud. Having made your backup, make sure you know how to recover the information from it.

  2. Make sure you are using passwords to control access to your computers and information Try to avoid using predictable passwords (such as dates, or family and pet names), and don't use the most common passwords that criminals can easily guess (like 'passw0rd'). Create a memorable password that's hard for someone else to guess, think about combining three random words to create a single password (for example 'catshedtable').

  3. Protecting your devices from malware and viruses Don't put off applying updates to your apps and your device's software. Update all your apps and your operating system when prompted. If you find it easier, turn on 'automatic updates' in your device's settings.

  4. Dealing with phishing attacks (suspicious messages) Spotting scam emails is tricky, but things to look out for include:

  • Official-sounding messages about 'resetting passwords', 'receiving compensation', 'scanning devices' or 'missed deliveries'.

  • Emails full of 'tech speak', designed to sound more convincing.

  • Being urged to act immediately or within a limited timeframe.

Education at all age groups has become a significant target for cyber-attacks. Here at the Cyber Resilience Centre, we've just announced our free cybersecurity support for education providers.

Remember, if your nursery, school, college or university has been the victim of online fraud, scams or extortion you should report this to Greater Manchester Police and Action Fraud.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.


Cyber Resilience Centre GM, Manchester Technology Centre, Oxford Rd, Manchester, M1 7ED

0161 706 0940

Registered in England & Wales No.12309263.



  • LinkedIn
  • Twitter
Greater Manchester Logo Light.png

© 2021 - The Cyber Resilience Centre for Greater Manchester