logo-education
0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

ransomware - be aware

6 January 2017
On 4 January 2017, Action Fraud, the UK’s national reporting centre for fraud and cyber-crime, issued a cyber-security alert to schools.

Action Fraud has advised that fraudsters are initially cold calling education establishments claiming to be from the 'Department of Education'. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator. The fraudsters claim that they need to send guidance forms to the head teacher.  The fraudsters claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.  The emails will include an attachment - a .zip file containing ransomware.  Once downloaded, the software encrypts files which are not released until a payment is made.

Action Fraud’s advice 

Action Fraud has advised that the following actions should be considered:
  • although the scammers may know personal details about the head teacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?
  • the 'Department of Education' is not a real government department (the real name is the Department for Education)
  • don’t click on links or open any attachments you receive in unsolicited emails or SMS messages
  • always install software updates as soon as they become available
  • create regular backups of your important files to an external hard drive, memory stick or online storage provider.

Our advice

Although not specifically mentioned by Action Fraud, a key element of the defence against cyber-attacks is educating staff in how to detect these campaigns, suspicious websites, and other scams.

Another consideration is to decide whether to inform the Information Commissioner if you suffer a serious security breach.

How we can help... 

Browne Jacobson has a dedicated data protection and cybersecurity team with a wealth of experience in advising clients on how to prevent, manage and recover from such attacks. 

Should you require any support or training, please get in touch.


You may also find the following interactive story on cyber resilience useful.

focus on...

Legal updates

British Airways £183m data breach fine – should schools be worried?

In a word (or three) no, not really. Before we get overexcited about BA’s hefty fine, let’s put it in perspective and remember that for the moment it is the Information Commissioner’s Office intention to levy this fine – BA will now make representations about it.

View

Legal updates

FOI requests and the use of the section 36 exemption

As schools and academies you get plenty of Freedom of Information requests. When you answer them you are effectively publishing the information to the world.

View

Legal updates

be connected newsletter for education - July 2019

As we approach the final few days of the school term, this edition of BeConnected provides you with the latest in legal updates, news and insight from the sector.

View

Legal updates

Schools and Raising Money for Charities

Traditionally there are many ways for schools to raise money for charity: bake sales, non-uniform days and throwing wet sponges at teachers.

View

The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.

mailing list sign up



Select which mailings you would like to receive from us.

Sign up