The UK’s National Cyber Security Centre (NCSC) has issued its first ever cybersecurity warning to nurseries and childminders.
The agency, which is part of the nation’s GCHQ intelligence service, said that the education sector’s increasing reliance on technology has made it an “appealing target” for cyber-criminals.
In a new set of guidelines published online, the NCSC warns early years practitioners that part of safeguarding the children in their care is making sure that sensitive data belonging to those children and their families doesn’t fall into the wrong hands.
“You may not think it, but regardless of the size and nature of your setting, the information that you hold is of value to a criminal,” said the NCSC.
Nurseries are advised to keep a backup copy of essential information like staff records, family contact details in an emergency, and business-critical data such as email, fee payments, banking information, and invoices.
The guidelines also recommend controlling access privileges to devices used on site by implementing strong passwords and two-factor authentication. Access to communications and images should also be restricted.
“If you send out newsletters, social media posts, or any other communications that include photos or details of children in your care, make sure you control who can access these,” said the NCSC.
“For example, you should password protect newsletters so only families who have been given the password can open them. You should also check the privacy settings across any social media accounts you use, so that only the child’s carers have access.”
To protect devices from viruses and malware, nurseries are advised to use antivirus software on the laptops and other computers in their facility and, when installing apps and software onto smartphones, to go through official app stores only.
Phishing was singled out as a cyber-attack that pre-schools should be particularly wary of.
“Many phishing emails are currently preying on fears of COVID-19, but criminals can also use other methods to trick you, such as sending text (SMS) messages, or by phone,” warned the NCSC.
The guidelines advise nursery managers to “think about how you can encourage and support your staff to question suspicious or just unusual requests, even if they appear to be from important individuals.”