This is the third blog in our cybersecurity series from Lloyd Passingham, Arbor’s Senior DevSecOps Engineer. Before joining Arbor, Lloyd served in the military, bringing a unique perspective to his work in security. Passionate about safeguarding information and empowering others, Lloyd is dedicated to protecting Arbor’s data and fostering a strong culture of security both within the organisation and beyond.

Running a school throws enough curveballs; worrying about whether your MIS data is safely backed up shouldn’t be one of them. Your MIS holds the vital information at the operational core of your school. Let me lift the bonnet and show you how Arbor ensures your school’s information is safe, secure, and ready to be recovered if needed.

–

Encrypted: In-transit and at-rest

Just like we use modern TLS 1.3 encryption to secure your data in-transit to Arbor, we also protect it when it’s stored. All your school’s information rests securely within our virtual private cloud, encrypted using industry standard AES-256 encryption. Our comprehensive approach to data security and backups is independently audited to meet the ISO 27001:2022 standard.

–

Multiple layers of protection

We believe in a “belt and braces” approach. Relying on a single backup method isn’t enough, so we employ multiple, overlapping strategies to ensure your data is protected from different angles as well as aligning with the DfE and NCSC recommended 3-2-1 backup approach:

• Daily Snapshots: Imagine taking a photograph of your database every 24 hours. That’s essentially what our daily snapshots do. They provide a complete picture, allowing for a quick rollback to a recent state. While effective, the worst-case scenario could mean losing up to 24 hours of work – if we only relied on this method – which is why, unlike other MIS providers, we don’t stop here!
  
• Continuous Point-in-Time Recovery (PITR): This is where things get really clever. Alongside snapshots, we continuously stream backups, logging changes as they happen. This powerful system allows us to restore your Arbor MIS not just to a specific day, but to any specific second within the last 30 days. Accidentally overwritten the year’s timetable five minutes ago? With PITR, it’s highly likely we can wind the clock back and retrieve it precisely.
  
• File Versioning: What about all those important documents, reports, and policies you upload? We’ve got that covered too. Arbor automatically keeps previous versions of your uploaded files. If a file gets accidentally overwritten or deleted, you can breathe easy knowing we can restore an earlier version.
  
• Comprehensive Audit Logs: While not strictly a backup it’s worth talking about our database audit logs. Turning back time to revert a change, even just a few hours, could still be disruptive if you have to re-do your work. Have a chat with our support team who may be able to surgically undo some changes without needing to rollback your whole MIS.

–

Location, location, location

Having backups is great, but what if something happens to the place they’re stored? We’ve planned for that. All your backups are securely copied to three separate, geographically isolated data centres across the UK. This means they are physically distant from each other, safeguarding them against localised issues like fires, floods, or major power outages. Even if a significant incident impacts one location (which is extremely unlikely), your data remains secure and accessible from the other two.

–

Built to last

Once backups are created we’ve layered protections to make sure they stay safe and secure. Backups are stored using a tamper-proof Write-Once-Read-Many (WORM) format. This clever technology means that once a backup is written, it cannot be altered or deleted (until its planned expiry) protecting against accidental changes and malicious tampering.

Backups are stored in an environment that is logically separate from the live Arbor service. This is a vital defence against threats like ransomware, ensuring that even if the live system were compromised, the backups remain unaffected and available for recovery.

–

Tried and tested

A backup plan is only useful if you know it works. That’s why regularly testing our restore procedures is a standard part of our operations. We don’t just hope it works; we actively practice recovering data to ensure that if the worst happens, we can restore your service quickly, efficiently, and correctly.

–

Always on

You have a school to run; you shouldn’t need to worry about triggering backups. Our entire backup process is fully automated. Furthermore, we have sophisticated monitoring tools constantly watching over these systems. If any issue arises – whether it’s a hiccup in creating a backup or a problem during a test restore – our dedicated engineers are alerted immediately, ready to investigate and resolve it.

Behind the scenes, our DevOps team refines and tests our backup and recovery strategies. They ensure our approach not only meets today’s best practices but is also ready for tomorrow’s challenges. This all adds up to a robust system designed to give you confidence that your school’s data is safe, secure, and recoverable, letting you focus on your school.

The post How Arbor keeps your data backed up appeared first on Arbor.

This is the second blog in our cybersecurity series from Lloyd Passingham, Arbor’s Senior DevSecOps Engineer. Before joining Arbor, Lloyd served in the military, bringing a unique perspective to his work in security. Passionate about safeguarding information and empowering others, Lloyd is dedicated to protecting Arbor’s data and fostering a strong culture of security both within the organisation and beyond.

Cybersecurity is no longer just an IT issue; it’s essential for safeguarding students and keeping schools running smoothly. In fact, the 2024 Government Cyber Survey revealed that 71% of secondary schools and 52% of primary schools identified a breach or attack within the last year, considerably higher than the average UK business (50%) or charity (32%). With threats like ransomware, extortion, and insider breaches on the rise, schools must take a proactive approach to security.

In this document

Why is cybersecurity so critical for schools right now?

Our reliance on digital learning tools and the vast amounts of sensitive data schools hold make them increasingly attractive targets for cybercriminals. The potential disruption to learning, exposure of student and staff information, and significant financial and legal repercussions underscore the urgent need for robust cybersecurity measures.
The impact isn’t just financial; it disrupts education and raises serious safeguarding concerns.

In this post, I’d like to share my experience of how I strengthened the security culture at Arbor and offer some ideas you can implement within your school to help protect students.

Cybersecurity, child safeguarding, and the growing threat landscape

Over the years, I’ve seen first hand how schools are increasingly targeted by cybercriminals. Educational institutions store vast amounts of sensitive data – student records, financial information, and staff details – yet often have limited cybersecurity resources, making them attractive targets.  When an attack hits, it disrupts learning, exposes sensitive data, and can have serious legal and financial repercussions.  Here are some of the key threats schools face today (scroll through by dragging with your mouse):

Ransomware

Attackers use malicious software to encrypt school systems and demand a ransom for their release. These attacks can cripple administrative operations, delay teaching, and force schools into costly recoveries whether they pay the ransom or not. ( Watch GovernorHub’s interview with The Harris Foundation Trust’s CEO Sir Dan Moynihan. “The whole thing cost us three quarters of a million pounds.”) Some more recent examples show the devastating impact: Blacon High School in Chester faced temporary closure in January 2025, Charles Darwin School in London sent 1,300 students home in September 2024, and the Fylde Coast Academy Trust saw all ten of its schools affected, leading to ransom demands.

Extortion

Cybercriminals don’t always just lock data; sometimes, they threaten to leak sensitive student or staff information unless their demands are met. The exposure of sensitive data can have lasting consequences for individuals and severely damage a school’s reputation.

Fraud

Attackers impersonate trusted figures such as school leaders, governors, Ofsted inspectors, or suppliers to trick schools into transferring money or sharing login credentials. Phishing emails – the most common attack vector reported by 92% of primary and 89% of secondary schools – can lead to unauthorised access, payroll fraud, or even fake invoice payments. Wembley Multi-Academy Trust tragically lost almost £400,000 through such a scam targeting a supplier’s email.

Denial of Service (Dos) Attacks

By overwhelming a school’s network with traffic, attackers can knock key systems offline for hours or days. These attacks disrupt both day-to-day operations and long-term planning. Arbor MIS monitors and mitigates against denial of service attacks and has seen a growing trend in the frequency and severity of denial of service attacks targeting individual schools.

Insider threats

Not all threats come from outside. A well-meaning staff member clicking on a malicious link, leaving a computer unlocked or keeping passwords on a sticky note can open the door to attackers. Meanwhile, disgruntled employees or students with access to internal systems may misuse their privileges, either for financial gain or out of frustration.

What measures should you put in place?

By putting robust cybersecurity measures in place and building a strong culture of cyber security safety, we can protect critical assets like student data and essential systems. Here’s what I recommend:

• Adopt a secure, cloud-based MIS

A modern, cloud-based Management Information System offers significant security advantages beyond just off-site storage. Solutions like Arbor are designed with security in mind, benefiting from:

• Automatic security updates
• End-to-End encryption
• Built-in compliance and access control features
• Disaster Recovery

• Regular security training

Make sure both staff and students know how to spot potential threats and how to respond. Training should be ongoing and cover identifying phishing emails, strong password practices, multi-factor authentication, malware risks, social engineering, and secure data handling. Make it engaging and relevant to your context; examples from your school go a long way to making it ‘real’. Consider running simulated phishing exercises – research shows repeated simulations can decrease susceptibility and positive reporting indicates increased awareness.

• Implement strict access controls

Limit who can access sensitive information using Arbor’s role-based access permissions and implement strong network security like firewalls. Follow the principle of least privilege, granting users only the minimum level of access required to perform their job duties.

• Keep software up to date

Software updates are essential for system security as they often patch vulnerabilities. Software vendors like Arbor can handle much of this for you but it’s important to consider the software and devices that you have running in your school like desktop PCs and smart classroom tech.

Building a security culture at your school

In my experience, a strong security culture isn’t built on policies or technology alone – it’s about people. A truly secure school starts with an open, whole-school approach, where cybersecurity isn’t just the IT team’s responsibility. Leadership buy-in is fundamental; when MAT leaders, governors and headteachers champion security, it sets the tone. Staff, students, and even guardians all play a role.

The key to making this work is an open and inclusive culture. When people feel comfortable talking about cybersecurity, reporting concerns, and asking questions, security stops being a hidden problem and becomes part of the school’s everyday thinking. Fear of blame often discourages reporting, but silence makes things worse. A security issue ignored today can turn into a crisis tomorrow.

That’s why at Arbor I focus on empowering people, not just enforcing rules. Recognising and celebrating good security behaviour makes a difference; every small act of vigilance counts. We introduced a phishing report leaderboard, turning cybersecurity awareness into something positive and visible for the whole company. Instead of making security feel like an obligation, it becomes something people engage with.

But awareness alone isn’t enough. Security needs to be practical and relatable. Regular training helps, but it can feel disconnected from reality. 

We have found it demonstrably more effective making security personal. When starting discussions of threats, I ask people to think like an attacker:

“If you wanted to break into your school, how would you do it?” 

This shift in perspective makes security real. It encourages people to recognise risks in their own environment rather than treating cybersecurity as an abstract concept.

Security threats don’t go home when the bell rings. Poor personal security habits, such as password reuse or neglecting multi-factor authentication, can inadvertently introduce risks. You can reframe security guidance as not merely a technical defense, but a tangible resource that empowers staff to understand and implement security measures that keep them safe.I like to think of security awareness as an employee benefit. By following best practices, staff can protect their personal assets like banking and email security, too.

Continuous improvement

The final piece I want to talk about is continuous improvement. Security isn’t a box to check once a year to pass an audit but an ongoing, whole-team commitment.

Cyber threats evolve, so must we. Strong feedback loops allow us to monitor how quickly we can detect and respond to incidents, reflect on what’s working (or what isn’t), and adapt accordingly. 

“The price of freedom is eternal vigilance.” – Thomas Jefferson

Activity recommendations for students, staff and parents

I’ve collected a handful of resources you might find useful for running lessons, workshops or engagement sessions at various levels in your school to get your people thinking about security and their role within your security culture:

KS1

Smartie the Penguin – an engaging storytelling collection of six stories exploring life online for 3-7 year olds. Teaching children the foundations of security culture behaviour, notably speaking up if something doesn’t seem right and seeking help from a trusted adult; you might incorporate these stories as a whole class exercise during circle time. The song can be a real earworm!

KS2

NCSC CyberSprinters – Award-winning gamified online security resources for 7-11 year olds. These resources include a game that can be played on mobile, tablet or desktop. Mini-games focus on essential topics such as identifying phishing emails, creating strong and memorable passwords, and understanding the importance of regularly updating their devices. Personally I am a fan of the practitioner-led exercises – in particular lesson 2 “Protecting your devices”. The security mapping exercise has 105 combinations allowing plenty of room for novel and open discussions as well as opportunities to correct misconceptions.

KS3

Another excellent resource from the NCSC is their CyberFirst Navigators series. Highlighting to students common cyber scams and malicious activity that they might come across online. Many students this age may have their own personal mobile devices and begin exploring the internet on their own. Communicating with friends and others online presents new risks where protections like strong passwords, multi-factor authentication and general Cyber Hygiene are vital to staying safe. You might look to incorporate authentication lessons such as choosing a strong password during new year intakes where students are first set up on your school’s IT systems.

Parents & Guardians

Providing parents and guardians with a clear and easy way to report security concerns or suggestions is essential; this could be a dedicated email inbox or submission form. Additionally, internetmatters.org Parental Controls Guides give guardians quick access to simple guides on how to implement parental controls on a huge number of different platforms. From Roblox and Fortnite to WiFi routers and mobile devices.

Staff

Organise a staff workshop where you collaborate and “think like an attacker” to identify security vulnerabilities. Divide staff into small teams and assign each team a specific area of focus, such as email, MIS, or IT networks. Have each team mind map potential threats or ways to exploit vulnerabilities within their assigned area. For example, a team focusing on email might consider a phishing attack scenario, while a team focusing on MIS might consider unauthorised student access. After identifying potential threats, have each group discuss and develop preventative measures, and then share their ideas with the group. Identify 2-3 actionable steps that can be taken in the short term to address some of the vulnerabilities and give updates on the progress to address them, ensuring continuous improvement.

Leaders

Put your security culture to the test and run a tabletop exercise from NCSC’s Exercise in-a-box. These are valuable and immersive ways to find out how well protected (or not) your organisation is and identify opportunities to improve your response to disasters before it becomes a reality. There’s plenty of choices and they range from micro-exercises that take a few minutes to an afternoon’s investment to see how you would handle a ransomware attack. These exercises provide practical scenarios for leadership teams to evaluate and refine their security strategies.

Tracking success of your school’s cybersecurity measures

A good cybersecurity culture is measurable and the results of measuring the attitudes and behaviours of the people in your culture will enable you to make informed decisions and take the right actions to improve your security posture. If you are concerned that your security culture isn’t good right now – don’t be. By measuring the current state you can establish your baseline to measure improvement and then report it back to staff (which in-turn motivates them to do better).
Some easy metrics you can start gathering:

• Number of phishing emails reported
• Number of security incidents reported
• Patch management compliance %
• Security training completion rates
  

Notice how I have focused on metrics that demonstrate positive behaviour – if you are seen to value the absence of problems then staff are encouraged to keep quiet to keep the metrics looking good. Consider how you can formulate your security metrics in terms of success.

Key takeaways

• Cybersecurity is critical for safeguarding students and school operations, with UK schools being prime targets
• Understanding specific threats (ransomware, phishing, fraud) is crucial
• Building a strong, open cybersecurity culture involving everyone – led from the top – is essential
• Proactive measures like regular, engaging training (for staff and students) and investing in secure systems (like cloud-based MIS) are vital
• Cybersecurity is a shared, ongoing responsibility requiring continuous improvement and measurement

If you’re looking to boost your school’s cyber resilience, I’d urge you to check out the latest guidance for schools from the National Cyber Security Centre (NCSC). They offer a wealth of tailored resources, including specific advice for governors and trustees, staff training packages, technical guidance for IT teams, and even resources for engaging students.

Final ask

Don’t wait for a cyber incident to happen to your school. Take the first step today by having an open conversation with your team about your current security posture and how you can collectively strengthen your school’s defenses.

Also, turn on multi-factor authentication!

–

The post How to build a strong cybersecurity culture in your school appeared first on Arbor.

Today’s blog is from Lloyd Passingham, Arbor’s Senior DevSecOps Engineer. Before joining Arbor, Lloyd served in the military, bringing a unique perspective to his work in security. Passionate about safeguarding information and empowering others, Lloyd is dedicated to protecting Arbor’s data and fostering a strong culture of security both within the organisation and beyond.

Phishing attacks are a common way cybercriminals attempt to gain access to systems or steal sensitive information, with attacks against schools increasing year on year. These attacks disguise themselves as routine communications, such as incomplete attendance registers, payment issues, or even messages from your MIS. In a busy school environment, it’s easy to mistake a phishing email as a genuine request.

The best defence is learning how to identify phishing attempts. By educating yourself on what phishing looks like and how to report it, you can help keep your own and your school’s data safe. 

–

What is phishing? 

Phishing is a method used by criminals to trick people into sharing sensitive information or clicking harmful links via fake emails, text messages, or phone calls. Their goals often include:

• Stealing personal data like login credentials or sensitive information
• Installing malware on devices to cause further damage
• Manipulating victims into sending money

Attackers often impersonate trusted individuals or organisations, such as your headteacher, MIS provider, or even Ofsted, to make their messages seem legitimate.

–

How to spot a phishing attack

Phishing tactics have become more sophisticated as criminals get smarter and use new tools like AI, making attacks harder to spot. Criminals now use convincing language and fewer grammatical errors to appear credible. Despite this, phishing emails often contain tell-tale signs. Watch for these red flags:

Urgency

Scammers try to quickly gain your trust. They aim to pressure you into acting without thinking. Messages that pressure you to act quickly (e.g., “respond immediately” or “within 24 hours”) often aim to bypass your critical thinking.

Authority

Is the message claiming to be from someone official? For example, your headteacher, Ofsted, The DfE, or your MIS provider. Criminals often pretend to be important people or organisations to trick you into doing what they want. 

Emotion

Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more by clicking on a link or downloading an attachment.

Current events

Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like census) to make their scam seem more relevant to you.

Questionable links or attachments

As a best practice, never click on any hyperlinks or download any attachments from emails you aren’t expecting. You can verify the validity of a link by hovering over the link without clicking and checking if the URL is consistent with what you’re expecting.

Unreasonable request

Are you being strongly compelled to follow a link, open an attachment, or submit credentials? Does the message warn of dire consequences if you fail to respond? Is this the kind of language the sender would normally use? These can be clues that someone is pretending to be as someone they aren’t. If it seems unusual, trust your gut and report it to your security team right away.

–

How to check if an email is genuine

If you have any doubts about a message, stop the conversation and think. Try to contact the organisation directly to verify. Don’t use any phone numbers of email addresses given to you – use the details from the official website or any contact details you have previously recorded. Any well-meaning person will understand that you’re trying to keep safe: verifying requests is a normal thing to do.

–

Mitigate phishing attacks by enabling two-factor authentication

You can greatly reduce the impact of phishing attacks by enabling two-factor authentication (2FA). With 2FA, even if a criminal gains someone’s password, they won’t be able to access systems without the second layer of security (often a mobile phone or physical device).
For guidance on enabling 2FA in Arbor visit our Help Centre article: Setting up two-factor authentication for School and MAT MIS users 

–

What to do when you receive a phishing email

Here are five steps to take if you suspect you have received a phishing email:

1. Avoid clicking links or downloading attachments 

Opening a link might be enough to compromise your computer or take over any active login sessions you have. Attachments may contain malware that could damage your computer or spread through the network.

2. Don’t reply to the sender

 Engaging with the email confirms your address is active, making you a future target.

3. Report the email, then delete

Notify your IT or security team through your school’s reporting process. They can investigate and warn others.Share details with colleagues to help them avoid falling for the same scam. Once confirmed as phishing, delete the email and empty your trash folder to prevent accidental exposure.

You can also forward suspicious emails that you think are a scam to the National Cyber Security Centre at report@phishing.gov.uk. For more information, click here.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud here.

4. Strengthen your security

• Change your password immediately: Ensure it’s unique and strong. Update it on other systems if reused elsewhere
• Enable Two-Factor Authentication to strengthen account security

5. Contact your IT Team

They’re there to help mitigate risks and secure systems if necessary

–

Final thoughts

Phishing attacks are a persistent threat, but with the right precautions and a cautious mindset, you can help protect your school’s systems and sensitive information. Remember, it’s always better to verify than to assume. By reporting suspicious emails and encouraging others to do the same, you contribute to a safer and more secure environment for everyone.

The post How to spot a phishing attack at your school appeared first on Arbor.

–

1) We have full data security accreditation

• ISO 27001  –  We are accredited by the International Organisation for Standardisation (ISO) . The ISO is an independent, non-governmental international organisation that ensures the quality and safety of software like Arbor around the world. We are accredited under ISO27001, the international benchmark for data security
• GDPR  –  We meet and exceed the requirements of GDPR, protecting the school data we store with a comprehensive Information Security Management System. Arbor MIS gives you enterprise provisioning secure logins (e.g. via Google SSO and 2FA), allows you to retrieve all the data you need for Subject Access Requests (SAR), and helps you monitor and delete data through “out-of-the-box” data retention dashboards
• Cyber Essentials  –  We are certified with Cyber Essentials and are audited annually. This means our IT systems are security approved by an accreditation body selected by the NCSC and we have technical defences in place against cyber threats
• ICO  –  We are registered with the Information Commissioner’s Office (ICO) for data protection. The ICO is the UK’s independent authority that upholds public information rights and controls organisations use of staff or customer data

–

2) Our digital security

• Protected by the cloud  –  Your school data is stored on our central, cloud-based system, rather than any individual device. This means if there’s a security breach at your school, your data is less likely to be lost or compromised. Your data is only accessible with a secure login and the system automatically logs out after a period of inactivity, meaning there’s less chance of it getting into the wrong hands
• Only you can see your data  –  Our database uses bank-grade, end-to-end, 256bit SSL encryption for transmitting data, and AES-256 bit encryption for all stored data, which means only you can see your data. Student data is never shared with third parties without your schools’ consent
• Analyse data securely  –  With our built-in BI analysis, you can go deep into the detail of your data within Arbor MIS. But if you do want to pull data out, you can download it as a file or as a secure “Live Feed” which can be password protected. You can keep central control access to this data and cut the link if necessary
• Your data is secure because our data is secure  –  At Arbor HQ, our data is hosted by Amazon Web Services’ London data centre. Arbor is approved by the DfE list for cloud suppliers and registered on the UK government’s G-Cloud V11 framework, which audits the security of cloud-based providers
• We lock down access to our databases to specific individuals, and only allow access through strict gateways requiring two-factor authentication login and public/private key identification. All logins to Arbor are logged and tracked, and strict policies are enforced which create alerts if breached. Staff passwords are also changed regularly and, since data is kept on our central system, permissions can easily be revoked if needed

–

3)  Our physical security 

The security of every Arbor office is maintained by formal security inspections and risk assessments. Access to our offices is restricted with secure keys, CCTV, 24/7 security personnel and secure perimeter doors.

–

Security top tips 

When protecting your school data, it’s important that you follow data security best practice to make sure data does not fall into the wrong hands.

Here are some key things you can keep in mind: 

If you’d like to find out more about how our cloud-based MIS could help you transform the way your school works, we’d love to hear from you.  

Or, if you’d like to find out more about how we look after school data, you can do so here. 

The post How Arbor keeps your school data safe appeared first on Arbor.

How do cyber attacks happen?

Ransomware attacks happen most often through emails which contain malicious links or attached files. They can also happen through ‘phishing’ emails where senders pretend to be an organisation or a person you know. In both cases hackers are trying to steal user credentials, or gain entry to IT systems.

Ransomware typically encrypts data files, then demands payment of a ransom in exchange for the decryption key. There is never any guarantee that the key will work and you only find this out after payment has been made.

 How can we prevent cyber attacks?

The best advice is to stay alert. If an email or advert looks suspicious, don’t click on any links or attachments, and always report it to your IT team or Data Protection Officer. Having strong passwords is also important. Remember that the length of passwords is the single most important factor. Any password less than 10 characters long can be hacked by brute force in under a minute!

Tip: You can edit your school’s password rules in Arbor to make sure your users have strong passwords, and set the frequency that staff need to change them.

How do we protect your data at Arbor?

Here at Arbor we’re proud to exceed the MIS industry standard when it comes to keeping your data safe. We are accredited by the International Organisation for Standardisation (ISO) – an independent, non-governmental international organisation that ensures the quality and safety of software like Arbor around the world. We are accredited under ISO27001 – the international benchmark for data security.

We also store data on our central cloud-based system rather than on any individual device or server, which means if there’s a security breach at your school, your data is less likely to be lost or compromised. Your data is also backed up daily so we can quickly and easily restore access should you have a security incident. You can read more about how we protect your data in our blog here.

What should I do if my school has a ransomware attack?

Whilst cyber attacks are very rare, it’s always good to be prepared. Your school or MAT Data Protection Officer should have a wider plan in place for what to do if you get a ransomware attack, but here are some quick and simple steps you can take in Arbor:

1. Change all passwords

The first step we’d recommend is recycling your login information. This will help to make sure that any passwords that have been compromised as part of the ransomware attack no longer work. In Arbor you can either:

• Ask all staff to reset their passwords by following the “forgot your password?” workflow on your school’s login site, or
• Get in touch with our Support Team to force reset all passwords in your Arbor account

2. Disable access

If your Data Protection Officer recommends disabling access to systems until the issue is resolved, there are a couple of options in Arbor:

• To disable a handful of users you can follow these steps
• If you ever need to suspend access for all staff, get in touch with our Support Team and we’ll do this for you

3. Communicate

As part of your continuity plans, make sure you’ve developed an internal and external communication strategy. It’s important that the right information reaches the right people at the right time, so that your team knows what’s happening and what they should do next. For steps on sending communications using Arbor, check out our help materials here.

Whilst we hope you never have to deal with a cyber attack, if you do we’ll be here to support you with anything related to accessing your Arbor data.

The post What to do in Arbor if your school gets a ransomware attack appeared first on Arbor.