Site navigation

NCSC Provides Cybersecurity Guidance for Childcare Providers

Michael Behr


childcare providers

The sensitive information held by Early Years education and childcare providers make them tempting targets for cybercriminals.

The UK’s National Cyber Security Centre (NCSC) has published new guidance to help childcare providers improve their online defences.

The new practical advice has been tailored by top cybersecurity experts for Early Years education and childcare settings. It offers practitioners top tips on how to protect their devices and data from cyber incidents.

The guidance covers topics including setting up strong passwords on devices and accounts, how to communicate with families safely and dealing with suspicious messages.

As the coronavirus drives more and more businesses online, nurseries, pre-schools and childminders are increasingly relying on technology to operate. This makes them an appealing target for cybercriminals due to the sensitive information they hold and payments they handle.

Furthermore, smaller and single-person businesses generally have weaker cybersecurity measures in place compared to larger companies, making them especially vulnerable to hackers.

NCSC Deputy Director for Economy and Society Engagement Sarah Lyons said: “We know that incidents affecting the education sector are increasingly common, so it’s vital that all providers know how to secure their devices and sensitive data.

“As many Early Years practitioners work on their own without dedicated IT support, this guidance sets out the practical first steps they can take to protect themselves from cyber incidents.

“By following our advice, they’ll not only be keeping their businesses safe, but will also be keeping those in their care and families safe too.”


The new guidance aims to help practitioners reduce the chances of falling victim to a cyberattack, and to help them recover from an incident if one does occur.

The four key steps for practitioners to follow are:

  • Backing up your important information – identifying what data you couldn’t operate without or are legally obliged to safeguard and creating a proper back-up.
  • Using passwords to control access to your computers and information – switching on password protection; using strong passwords and password managers; setting up two-factor authentication and communicating safely with families
  • Protecting your devices from viruses and malware – turning on antivirus products and keeping IT devices up to date
  • Dealing with suspicious messages (phishing attacks) – tips for spotting suspect messages and unusual requests, reporting these messages and what to do if you have already responded.

Children and Families Minister Vicky Ford said: “It is paramount that early years settings have robust cyber security in place to help them communicate with children, families and staff delivering early education and childcare provision safely.

“Like most professions, the early years sector is increasingly reliant on technology and this new guidance will support them with protecting sensitive data and minimising the risk and detriments of a cyber security incident.

“Education settings are directly responsible for their own security and data protection so I encourage all early years providers to take steps to improve their resilience online.”

Join the Debate: Scot-Secure 2021

The creation of robust cybersecurity strategies of all sizes will be a key area of discussion at the upcoming Scot-Secure Cybersecurity Conference on March 24-25th.

Hear from leading experts from across the cybersecurity sector and explore the crucial issues.

Register your free place now at:

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: