How to protect yourself from cyber attacks and online scams
October 3, 2025 | Kinderly
As Early Years practitioners, you juggle a hundred things a day, from nappy changes to the EYFS framework – the last thing you need is to worry about online scams, right?
However, your setting holds incredibly important, sensitive information—details about the children in your care, family contacts, photographs, staff records, and financial information. You not only need to be GDPR compliant, you also have a responsibility to protect this data, the same way you’d lock the front door at night.
To support you in feeling confident in protecting yourself from online scams, we’ve put together a jargon-free guide to the most common scams and how you can become digitally resilient.
What are online scams and how do they work?
The main aim of almost every online scam is the same: to trick you into giving away personal details or clicking a bad link. Here are the types you’re most likely to see:
1. Phishing Emails and Texts
Phishing is one of the most common online scams. Think of it as a criminal ‘fishing’ for your passwords or bank details.
[Image: example scam message. Source: GOV.UK]
These are messages that look like they come from a trusted company or government body, but they are fake.
They often use the logo of your bank, HMRC, PayPal, or a delivery company like Royal Mail or DPD.
They create a sense of panic or urgency. They might say your account has been suspended, you have a tax refund waiting, or you owe a fee to get a parcel.
They demand you click a link to “verify” your details, make a small payment, or update your information.
2. Fake website scams
Sometimes, the link in a scam email or text takes you to a website that looks perfectly legitimate—just like your bank or a fee-payment portal:
[Image: example of a fake website. Source: https://keepnetlabs.com/]
The danger here is that you think you’re logging into your real account, but you’re actually typing your password and username straight into the hands of a criminal.
One way to spot this is to check the web address (the URL): it will usually be slightly wrong, with maybe a letter missed out or a strange spelling.
[Image: example scam message. Source: GOV.UK]
Notice how the website address in this message isn’t the official https://www.gov.uk/ but a variation, gov-tax.refundpr.com. Only trust emails or websites that show exactly the same address as the legitimate source.
3. Vishing and Smishing
Criminals don’t just use email. They can also use:
Vishing: A phone call where they pretend to be from a bank or the police, trying to scare you into moving money or giving them your card details. Never share passwords or personal details over the phone.
Smishing: A text message (SMS) with a dodgy link or a request for personal information, like we’ve seen in the images above.
How to protect yourself from cyber scams
Don’t share your passwords / login details with anyone, seriously. It doesn’t matter if you need to quickly log in an observation for a child at work – use your own unique login details and log out once you have finished.
Never use a public computer or a public / open Wi-Fi network to connect to the internet, as it is not safe, especially when it comes to your early years software.
Be alert and spot the red flags. This is the golden rule: If a message makes you feel rushed, pressured, or panicked, consider it a red flag. If a message, text, or experience feels somehow suspicious, here’s what to do:
STOP: Don’t click any links or give any details.
THINK: Ask yourself: Am I expecting this message? Would my bank really ask for my password in an email? (Spoiler: No, they wouldn’t.)
CHECK: If you think the message might be genuine (e.g., a query about a payment), do not use the contact details provided in the suspicious message. Find the official phone number or website for the company (e.g., from the back of your bank card or official website) and contact them directly to ask.
Bulletproof your passwords. A weak password is an open invitation to a scammer, and is often the way cyber attacks occur. You can use a password generator like LastPass so you can log in once and ensure your data is protected against scammers.
Forget using family names or birthdays: hackers can easily identify those as personal attributes. Opt for a strong password, something that is easy for you to remember but hard for a computer to guess. The National Cyber Security Centre recommends using three completely random words, like PurpleSocksTrain.
Change your email password: Your email is the ‘master key’ to all your other accounts and often how you recover other accounts if you have any issues. Make sure its password is unique and very strong.
Turn on 2-Step Verification (2FA): This is where you enter your password AND a special code sent to your phone or email. It’s a game-changer for security and should be on for your bank, main email, and any nursery software you use.
Update your software when prompted. Those pop-ups asking you to update the software on your devices? Don’t ignore them. Software updates for your computer, tablet, and phone aren’t just for new features. They are mainly to fix security holes that scammers could use to sneak in. Always install updates as soon as they are available.
Make regular backups of your data. Imagine a scammer locks you out of the software or platform you use (this is called ransomware). Could you still function? Make sure you regularly back up your essential nursery information (like staff rotas, child emergency contacts, photos and financial records) onto an external hard drive or secure cloud storage. If the worst happens, you can simply restore the data and carry on.
Check before you click. Before entering sensitive details into any website, look for the padlock icon. Check the website address bar. It should start with https:// and have a small padlock symbol. The ‘s’ in https stands for ‘secure.’ Never enter payment details on a site that just says http://.
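The address check from the fake website section, combined with the https check above, as an added example in Python (not Kinderly's code). It shows that a padlock alone is not enough: the link must also belong to a site you already trust. The `TRUSTED_DOMAINS` list, the `check_link` name and every sample link other than the two addresses quoted in the article are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the short list of sites this setting really uses. gov.uk is
# taken from the article; add your bank's and software provider's domains.
TRUSTED_DOMAINS = {"gov.uk"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link copied from an email or text."""
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no website name found in the link"
    # The name must BE a trusted domain or END with ".<trusted domain>".
    # Containing the word "gov" somewhere in the name is not enough.
    on_list = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_list:
        return False, f"{host} is not one of your trusted sites"
    if parts.scheme != "https":
        return False, f"{host} is trusted, but the link is not https"
    return True, f"{host} is a trusted site over https"


# Constructed sample links; only the first two hosts appear in the article.
SAMPLES = [
    "https://www.gov.uk/",
    "https://gov-tax.refundpr.com/",          # https, but the wrong site
    "https://www.gov.uk.refundpr.com/login",  # real name used as a prefix
    "https://www.gov.uk@refundpr.com/",       # real name placed before "@"
    "http://www.gov.uk/",                     # right site, no https
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK   " if ok else "STOP ", link, "->", reason)
```

Only the first sample passes: the next three all start with https:// yet point at refundpr.com, and the last is the right site without https.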
Hopefully these tips are useful at work and outside of it! Protecting yourself, your staff, and the families you work with is more critical now than ever, so stay alert and stay safe.
Peace of mind with Kinderly
At Kinderly, we take the security of your data extremely seriously. Our software is GDPR compliant and registered with the Information Commissioner’s Office (ICO). To ensure your data is protected, we have a multi-step security plan in place which covers everything from server location (ours are in the UK and comply with UK law) to software development, encryption methods and our team. While no system can ever be 100% immune to cyber threats, our layered approach and ongoing vigilance mean we go above and beyond to keep your data safe. If you want to learn how to be a bit more savvy about digital security, we recommend reading more from the National Cyber Security Centre: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online