Last reviewed 18 March 2021

The National Cyber Security Centre (NCSC) has published new guidance for early years providers on how to protect sensitive information about their setting from accidental damage and online criminals.

The cyber-agency says early years providers and childminders are increasingly relying on technology to operate and have become an appealing target for cyber-attacks. It warns that cyber-criminals could be seeking personal information about children or families, and to target the payments process for parents. The guidance also warns about malicious software, or "malware", and the need to secure devices and sensitive data.

As many early years practitioners work on their own without dedicated IT support, the guidance sets out the practical first steps early years providers can take to protect themselves from cyber incidents as follows.

  1. Back up important information – identify the data you couldn’t function without or are legally obliged to safeguard and create a proper back-up.

  2. Use passwords to control access to computers and information – switch on password protection, use strong passwords and password managers, set up two-factor authentication and communicate safely with families.

  3. Protect devices from viruses and malware – turn on antivirus products and keep IT devices up to date.

  4. Deal with suspicious messages (phishing attacks) – tips for spotting suspicious messages and unusual requests, how to report these messages and what to do if you have already responded to a suspicious message.

The full guidance and further information from the NCSC is available here.

Children and families minister Vicky Ford said:

“It is paramount that early years settings have robust cyber security in place to help them communicate with children, families and staff delivering early education and childcare provision safely.”

“Like most professions, the early years sector is increasingly reliant on technology and this new guidance will support them with protecting sensitive data and minimising the risk and detriments of a cyber security incident.”

“Education settings are directly responsible for their own security and data protection so I encourage all early years providers to take steps to improve their resilience online.”