Gary Harrison, senior commercial manager at Morton Michel, unlocks the secrets of cyber safeguarding

Imagine it’s a typical morning at your nursery. You’re logging into your computer to check the daily schedule when an alarming message pops up: “Your data has been encrypted. Pay £10,000 within 72 hours to regain access.”

In an instant, you’ve lost access to your records — emergency contact details, care plans, everything you rely on to ensure the children in your care are safe and well. It’s a scenario no one wants to face, but for many businesses, this kind of cyber-attack is a real and growing risk.

When you are thinking about safeguarding, you’re probably thinking physical safety – keeping the environment secure and making sure your policies are robust. But as nurseries increasingly rely on digital systems, safeguarding now extends to the digital world. Cybersecurity protects not just data but also ensures the continuity of care and the trust parents place in you.

Why cybersecurity matters

In the childcare sector, you handle sensitive information daily: children’s medical histories, dietary needs, and parent contact details. That’s valuable information, and it makes nurseries an attractive target for cybercriminals.

You might think, “Why would anyone target us?” But the reality is that cybercriminals often go after businesses where they assume resources are limited, and defences might be weaker. In 2024, almost 40% of small businesses in the UK reported a cyber incident, according to the government’s Cyber Security Breaches Survey 2024.

With so much to juggle, it’s easy to see how some things (like updating systems or recognising phishing emails) can slip through the cracks. But it’s these small oversights that criminals exploit.

The role of third-party software

Many nurseries rely on third-party platforms to manage their daily operations, but safeguarding data remains your responsibility. A breach in these systems can still leave you accountable.

While third-party software providers often invest heavily in their own security, the overall responsibility for protecting your nursery from the financial and emotional impacts of a cyber incident ultimately lies with you. A breach could mean facing ransom demands, reputational damage, or even panic from parents.

This isn’t about scaremongering – it’s a reminder to take proactive steps to secure your systems and processes.

Common routes of cyber attacks

Understanding how these attacks happen is half the battle. Some of the most common threats include:

Phishing emails – Appear legitimate but clicking on a link or downloading an attachment can give criminals access to your systems.

Ransomware – This type of attack locks your data until you pay a ransom – leaving you without critical information.

Outdated software – Not keeping your systems updated can create vulnerabilities that are easily exploited.

Weak passwords – Simple or reused passwords makes it easier for criminals to break in.

Cyber attacks often stem from human error. A single click or a malicious link can cause panic – not just for you, but for your staff and the families you support.

Supporting your team in a digital world

Digital security is about more than protecting data – it’s about empowering your staff. Providing the right tools, guidance, and support reduces the likelihood of errors and builds confidence.

Cyber security training doesn’t have to be lengthy, but it should be regular. Integrating short, practical sessions as part of annual CPD programmes can help your team stay informed and alert to threats.

Ensure everyone knows the steps to take if something does go wrong. Having clear processes prevents issues from escalating.

If mistakes happen, stay calm. Focus on learning and improving processes, so your team feel supported and not overwhelmed.

Tools to simplify cybersecurity

Cybersecurity can feel daunting, but tools like vulnerability scanners (think a digital MOT for nurseries) identify system weaknesses and provide clear guidance on how to fix them.

Additional steps to strengthen your nursery’s digital defences include regular data backups and layered security such as firewalls, antivirus software, and multi-factor authentication.

Unsure where to start? Your insurance provider is a great place to turn. Many offer access to resources or assessments to help you understand your risks and strengthen your defences.

A digital safety net

Protecting your nursery’s digital environment isn’t just about compliance, it’s about creating a safer environment where children can thrive. Take time to review your cybersecurity measures, ask for help if needed, and rest assured you are safeguarding the future of your nursery. After all, keeping children safe – online and off – is what it’s all about.