New independent cyber security audit for Hertfordshire schools

Cyber-attacks on schools are rising fast, with recent government research showing that 60% of secondary schools and 44% of primary schools experienced a cyber breach or attack in the past year—significantly higher than the UK business average of 43%. With schools increasingly targeted by phishing, impersonation, malware and denial of service attacks, the need for robust cyber protection has never been greater.  Schools and trusts carry the double risk of external and insider threats with 57% of attacks coming from pupils, some as young as seven! 

To help schools strengthen their cyber resilience, HFL’s Technology in Schools team has launched a new independent Cyber Security Audit and Action Plan service. The audit gives schools a clear understanding of their cyber risks and practical, prioritised recommendations for improvement. Crucially, it is carried out independently, ensuring that your IT provider is not “marking their own homework”. The independence of the audit means that schools can be confident in commissioning HFL even if they buy their IT support from them.  

To deliver this key service, HFL has partnered with Cheeky Munkey, a highly respected Managed Service Provider with over 25 years’ experience and more than 250 clients across the UK. Cheeky Munkey brings deep technical expertise across Microsoft, Cisco and VMware environments, 24/7 support capability, and a longstanding reputation for reliability and professionalism.  

The audit is conducted against recognised industry standards, including: 

• NCSC best practice, such as the Cyber Security Toolkit for Boards and guidance for school staff and leaders.  
• DfE Cyber Security Standards, which form one of the six core digital and technology standards all schools must meet by 2030.   

Clear, nontechnical reporting for leaders and governors 

Importantly, the audit report is written specifically for school leaders, using clear, nontechnical language. This ensures that headteachers, business managers and governors can easily understand: 

• The school’s current cyber security status 
• Identified risks and their potential impact 
• The actions required to optimise protections 
• Where governance oversight needs strengthening 

This approach gives governing boards confidence that they have full visibility of cyber risks and can make informed strategic decisions, without needing specialist technical knowledge. 

With cyber-attacks increasing in frequency and sophistication across the education sector, taking a proactive approach is essential. Understanding your risks is the first step toward protecting your systems, safeguarding sensitive data, and ensuring teaching and learning can continue uninterrupted. 

To learn more or book your audit, contact HFL’s Technology in Schools team at itsales@hfleducation.org