In news that may concern the parents of pre-school children around the country, the UK Government’s National Cyber Security Center (NCSC) has issued a warning regarding cyber-attacks on childminders and children’s nurseries in recently published guidance.  The guidance sets out a number of practical steps to help childminders and nurseries protect themselves against cyber-attacks.

While cyber-attacks impacting educational establishments are becoming increasingly common (with cyber-incidents in respect of the University of Central Lancashire, the University of the Highlands and Islands and Queen’s University in Belfast being reported in the last few weeks alone), this is apparently the first time that the NCSC has issued guidance to care providers of such young children.

The NCSC notes that providers of nursery education and childminders can be an attractive target for cyber attackers, as they become ever more dependent on technology.  The guidance stresses the importance of taking steps to protect smartphones, computers, laptops, tablets and similar devices from cyber criminals and also emphasises that cyber security is important in safeguarding the young children in the care of such providers.  

The new guidance covers four main areas, including backing up important information, using passwords to control access to computers and information, protecting devices from viruses and malware and dealing with suspicious messages or “phishing” attacks.  The guidance notes, among other things, that personal data should be protected and stresses the dangers of malware, while also recommending greater security around sharing information, for example, in respect of newsletters for parents, which the NCSC suggests should be password protected.

Regarding phishing attacks, the NCSC observes that - as in other sectors - many cyber-criminals are sending phishing emails, which are “preying on fears of Covid-19” and stresses that childminders and pre-school care providers should be on the alert for false messages attempting to extract information by making false claims, (e.g. in respect of receiving compensation, scanning devices and re-setting passwords), noting that scam text messages and phone calls may also be an issue.

The guidance will, no doubt, be welcomed by early years’ care providers, many of whom lack dedicated IT support, and should hopefully help to protect both providers and children and their families alike.