Pupil hacked into school's system to change their grades as GCHQ roll out cyber security training for teachers

Now the security services have drawn up a training programme for school staff

A pupil who hacked into a school system to change their grades is among the incidents that prompted GCHQ to begin training teachers in cyber security.

The student gained access to a teacher’s computer after the teacher wrote their password on a post-it note stuck to their laptop.

Since the same password was used for multiple accounts, the pupil was able to access more than 20,000 records and change their grades.

Now the security services have drawn up a training programme for school staff which includes a case study based on the incident.

Schools have been urged to boost their online defences as the security services launch their first ever cyber security training programme for teachers.

The guidance was bespoke training programme was published on Wednesday by GCHQ’s National Cyber Security Centre (NCSC), which was created in 2016 as the UK’s leading authority on cyber security.

Headteachers have been told they must take action to protect children and their families from having personal and sensitive information falling into the wrong hands.

The new training comes amid a rise in ransomware attacks against education establishments which prompted the NCSC to publish an alert to schools and universities last month, warning of the dangers.

Other case studies which are part of the training and also based on real cyber incidents include school staff falling victim to a phishing email scam asking for contact details of pupils’ parents.

Cyber criminals tricked parents into redirecting school fees, leading to a substantial sum being stolen and parents’ details being sold on the dark web.

In another incident an unencrypted school USB, which contained details about thousands of pupils, was taken out of the school and then lost. It was only returned when a member of the public found it by chance and handed it in.

Last September, GCHQ stepped up support for British schools, colleges and universities following a spate of online attacks which they said had the potential to derail their preparations for the new term.

Sarah Lyons, deputy director for economy and society engagement at the NCSC, said: “It’s absolutely vital for schools and their staff to understand their cyber risks and how to better protect themselves online.

“That’s why we’ve created an accessible, free training package offering practical steps on cyber security to help busy professionals boost their defences.

“By familiarising themselves with this resource, staff can help reduce the chances of children’s vital education being disrupted by cyber criminals.”

Nick Gibb, the schools minister, said: “It is vital that schools have robust cyber security in place, and these new resources and training will help staff to increase protection from attacks.

"This training will boost support for schools, giving teachers the tools and skills they need to identify possible risks. I would strongly encourage all schools to adopt the resources and all staff to complete the training to make sure data is protected."

Last month a ransomware attack on multiple schools has left 37,000 pupils unable to access their email. The Harris Federation, which runs 50 primary and secondary academies in and around London, said it had temporarily disabled email while it deals with the cyber-attack.

At the time the Harris Federation said they were at least the fourth multi-academy trust to have been targeted in March, adding that it was a “highly sophisticated attack” and one which will "take time to uncover the exact details of what has or has not happened, and to resolve".