top of page
  • Writer's pictureJacob Alcock

Nurseries and Childminders are appealing targets for Cyber-Attackers

A recent survey found that almost one in four nurseries have experienced a data breach in the last 12 months. This is no surprise when we learn that almost half of the nurseries still file paper reports, and over half of the survey respondents said that default passwords were used for systems storing sensitive data.

The National Cyber Security Centre (NCSC) has also warned that preschool providers and childminders are "increasingly relying on technology to operate" and have become an "appealing target" for cyber-attacks.

Speaking to the BBC, Sarah Lyons said that "incidents affecting the education sector are increasingly common," the NCSC (part of GCHQ) has responded with new Early Years practitioners guidance to help protect personal information and data.

Education at all age groups has become a significant target for cyber-attacks.

Why does cybersecurity matter for Early Years practitioners?

For Early Years practitioners, good cybersecurity focuses on protecting the personal or sensitive information that is held on children and their families. National Early Years legislation and advice and the Data Protection Act require early years practitioners to securely hold confidential information and records about staff and children. These records should only be accessed by those with a right or professional need to see them (physically or digitally/online).

Regardless of the size and nature of your business, the information you hold is valuable to a criminal. Whilst cyber-criminals often won't be targeting your business directly, it's all too easy to be damaged by clicking on a scam email that cybercriminals are sending out indiscriminately to millions of businesses.

Cybercriminals can affect your services through; data breaches, temporary shutdown of your office and reputational damage to the families who trust you.

Whilst this may alarm you, there's no need to panic. The newly released guidance from the NCSC has been produced to help you protect the data and devices you use. The guidance can help you save time, money and your business's reputation.

Four steps to reduce the likelihood of becoming a victim;

  1. Back up your most important information What information is the most important to you? Ensure you have a backup copy on a USB stick, an external hard drive, or the cloud. Having made your backup, ensure you know how to recover the information from it.

  2. Make sure you are using passwords to control access to your computers and information Try to avoid using predictable passwords (such as dates or family and pet names), and don't use the most common passwords that criminals can easily guess (like 'passw0rd'). Create a memorable password that's hard for someone else to guess; think about combining three random words to create a single password (for example, 'catshedtable').

  3. Protecting your devices from malware and viruses Don't put off applying updates to your apps and your device's software. Update all your apps and your operating system when prompted. Turn on 'automatic updates' in your device's settings if it is easier.

  4. Dealing with phishing attacks (suspicious messages) Spotting scam emails is tricky, but things to look out for include the following:

  • Official-sounding messages about 'resetting passwords', 'receiving compensation', 'scanning devices' or 'missed deliveries'.

  • Emails full of 'tech speak', designed to sound more convincing.

  • Being urged to act immediately or within a limited timeframe.

Free Membership banner for businesses

Education at all age groups has become a significant target for cyber-attacks. Here at the Cyber Resilience Centre, we offer a range of free cybersecurity support for education providers.

Remember, if your nursery, school, college or university has been the victim of online fraud, scams or extortion, you should report this to Greater Manchester Police and Action Fraud.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page