Nurseries sent first official cyber-attack warning

Nurseries and childminders are being warned of the threat of cyber-attacks, in guidance from the government’s National Cyber Security Centre (NCSC).

It is the first time that the agency – part of the GCHQ intelligence service – has given guidance to a sector caring for such young children.

It includes warnings to use password protection for information for parents.

“We know that incidents affecting the education sector are increasingly common,” said Sarah Lyons at the NCSC.

The cyber-agency says pre-school providers and childminders are “increasingly relying on technology to operate” and have become an “appealing target” for cyber-attacks.

Cyber-criminals could be seeking personal information about children or families, and to target the payments process for parents, warns the NCSC.

The early years cyber-security advice warns about malicious software, so-called “malware”, and the need to protect personal information and data.

“Cyber-criminals will go after anybody, provided there’s money to be made,” says the NCSC’s advice.

The cyber-security agency calls for a more secure approach to sharing information, including newsletters for parents.

“You should password protect newsletters so only families who have been given the password can open them,” says the guidance.

The NCSC says many scam emails are “preying on fears of Covid-19” and warns nurseries and child minders to watch out for fake messages trying to obtain information with false claims, including:

There are also warnings about protecting computer devices, including smartphones, and to guard against scam phone calls and text messages.

Education at all age groups has become a significant target for cyber-attacks.

A big multi-site further education college, the South and City College Birmingham, has been forced to close by a “major ransomware attack” – with the college telling students to stay home this week.

Universities faced a wave of cyber-attacks last autumn, targeting research and data and causing disruption to computer systems.

The NCSC is now widening its advice to the early years sector.

Sarah Lyons, deputy director for economy and society engagement at the NCSC, said across educational settings it was “vital that all providers know how to secure their devices and sensitive data”.

But she said many people in early years “work on their own, without dedicated IT support”.

“This guidance sets out the practical first steps they can take to protect themselves from cyber-incidents.”

“Like most professions, the early years sector is increasingly reliant on technology, and this new guidance will support them with protecting sensitive data,” said Vicky Ford, children and families minister.

“It is paramount that early years settings have robust cyber-security in place to help them communicate with children, families and staff delivering early education and childcare provision safely,” she said.