Use this school cyber security checklist to review your current setup, identify gaps and highlight areas that may need attention.
Classroom365 is Cyber Essentials Plus certified and helps schools and academy trusts raise cyber security awareness and review key cyber risks.
This checklist is designed to help schools and MATs review common cyber security controls, including access management, patching, backups, cloud security and incident response. It can also support wider discussions on the DfE digital and technology standards and the NCSC cyber security guidance for schools.
Step 1 – Cyber Security Health Check
Network, Servers and Cloud Services
- We have an up-to-date network diagram.
- Firewalls are configured and regularly reviewed.
- Servers (on-prem or cloud) are supported and fully patched.
- Key cloud services (e.g. Microsoft 365 / Google Workspace) are configured with security best practices.
Access for Staff and Students
- Staff accounts are separate from pupil accounts.
- Admin accounts are only used for administration tasks.
- Staff and pupils use unique logins (no shared accounts).
- MFA is enabled for staff where possible.
Backups, Patching and Endpoint Protection
- Regular backups are taken of critical systems and data.
- Backups are stored securely and tested at least once a year.
- Operating systems and applications are patched regularly.
- Antivirus/EDR is installed and reporting correctly on all key devices.
Policies and Procedures
- We have up-to-date acceptable use policies for staff and students.
- We have a written incident response procedure.
- Staff know how to report a suspected cyber incident.
- Our Data Protection and Safeguarding policies reference cyber security.
Step 2 – Roadmap and Priorities
- We have identified our top 5 cyber security risks.
- Quick wins have been scheduled this term.
- Medium-term improvements are planned over the next 12 months.
- Budget has been allocated for key security improvements.
- For MATs: a common baseline standard has been agreed across all schools.
Step 3 – Ongoing Monitoring and Support
- Security alerts are actively monitored (by internal IT or a partner).
- Regular patching and maintenance windows are agreed upon.
- Logs and reports (e.g. from Microsoft 365 / Google Workspace, firewalls, antivirus/EDR) are reviewed.
- Staff receive regular refresher training on cyber security.
- We review our cyber security posture at least once a year.
Need help working through this checklist?
Cyber risks such as phishing and ransomware continue to affect schools, so it is important to review your current setup and address any gaps.
Please get in touch, and we can advise on the next steps to protect your school from data breaches and network downtime.
Tel: 020 7952 5308
Email: cybersecurity@classroom365.co.uk
We have reviewed the top 5 cyber security risks affecting schools, including phishing, ransomware and account compromise.