“I hate using these computers! I can’t put any of my software on them.”

The speaker was a science teacher, and the computers in question were stand-alone ones, not linked to any of the school’s networks.

“That”, I replied, “is the general idea”.

It may seem counterintutive for the person in charge of education technology in a school to lock equipment down so much that it can be used only in certain ways. However, if you view part of your job as making the kit usable by anyone, and another part of your job as protecting both teachers and pupils from software that could cause them harm in some way, then you have to take certain measures.

You might think that having antivirus protection is enough, but I think it’s worth going further, just in case. Another department in the school, which had their own laptops that they were in charge of, allowed anyone to use whatever software they liked. One day a rather distressed teacher came to me with one of the laptops he’d taken home from there because he couldn’t do anything with it. He’d allowed his son to install a games program he’d found on a diskette. Unfortunately, either the diskette or the program had not been checked for viruses, so the laptop ended up being riddled with them.

The stand-alone desktops and laptops under my care, on the other hand, were locked down in three ways. One was that I’d disabled the access to any other drive apart from the C drive. Another was that I’d installed a Windows shell which gave access to only the standard programs. Finally, this being in the days before wi-fi was ubiquitous, they were not connected to the internet while they were in school.

To be honest, anyone who knew what they were doing could have circumvented these measures, but I was banking on the fact that not many people would know enough to do so. Also, I think if you make something difficult enough for people, they’ll give up sooner rather than later.

Things have changed, right?

That was around 30 years ago, and things have changed since then, right? Well, there are plenty more viruses , trojans, spyware and other stuff around these days. Also, I can virtually guarantee that every time I go into a school to advise them on their computer use I will discover at least one person who brings in their own laptop or software that has not been checked for viruses.

I have just carried out some research, using Perplexity.ai:

Recent research from the UK's Cyber Security Breaches Survey 2025 provides insight into the prevalence of malware (viruses, spyware, adware, backdoors, trojans, and similar threats) on computers in educational institutions:

• Primary schools: 9% of those who identified any breach or attack reported viruses, spyware, or malware (excluding ransomware).

• Secondary schools: 22% reported viruses, spyware, or malware (excluding ransomware).

• Further and higher education institutions (combined): 42% reported viruses, spyware, or malware (excluding ransomware).

These figures are based only on institutions that identified experiencing a breach or attack in the last year. The most affected are further and higher education institutions, where almost half reported malware incidents, compared to just under 1 in 10 for primary schools and nearly 1 in 5 for secondary schools. It’s important to note that these numbers may underestimate the true extent, as only detected breaches are reported, and hidden incidents likely exist.

Malware incidents in schools are often part of a wider range of cyber threats, with phishing remaining the most common attack vector in all sectors. The rise in sophisticated attacks, including the use of malware and ransomware, highlights the need for improved security measures and awareness in the education sector.gov

1. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025-education-institutions-findings

2. https://www.k12dive.com/news/ransomware-attacks-education-jump-23-percent-h1-2025/753483/

3. https://www.redstor.com/resource-hub/classrooms-in-the-crosshairs-ransomwares-growing-threat-to-schools/

4. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025

5. https://www.oneeducation.co.uk/why-schools-are-now-prime-targets-for-cyber-attacks-in-2025/

6. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024-education-institutions-annex

7. https://www.uscybersecurity.net/why-trojans-and-malware-are-targeting-college-students/

8. https://blog.blackbaud.com/top-cyber-threats-to-educational-institutions/

9. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023-education-institutions-annex

10. https://news.drweb.com/show/?i=15026&c=5&lng=en

Where does leadership come in?

I started off by saying that viruses and so on are a leadership issue. They are. You might have a fantastic technical support team who are paranoid about viruses and security. But there is also a place for leaders to:

• Keep staff informed about the dangers of viruses.

• Ditto students. No, they do not already know about all this just because they are young!

• Discourage staff to bring in their own laptops unless they have up-to-date antivirus software installed.

• Have a system whereby any laptops loaned out are checked for viruses when they are returned.

• Make sure there is up-to-date antivirus software on all school computers.

• Consider locking the computers down in the ways I outlined near the beginnning of the article.

If you found this article useful, you might like to sign up to my newsletter, Digital Education, which is aimed at educational computing leaders and teachers.