Case study · Education, independent school

Sherborne Girls: securing remote and hybrid learning, without slowing it down

An independent school needed students and teachers to use the web and email freely and safely. We helped them raise their security posture and cut phishing, acting as an extension of their IT team.

Sector
Education, independent school
Size
Independent boarding & day school, ages 11–18
Trigger
Keeping student data safe across remote and hybrid learning
Outcome
Web & CASB deployed, network penetration-tested, DMARC configured, with a significant drop in phishing and a stronger, baselined security posture

01

Opening

What was actually happening

Sherborne Girls is an independent boarding and day school for ages 11 to 18. Like every school, its IT team had to let students and teachers use the web and email freely, as everyday tools for learning, communication and collaboration, while keeping them safe.

With teaching split across remote and hybrid learning, the school had a pressing need to be sure that students’ data and personal information stayed protected wherever people were working from. They wanted to raise their security without making day-to-day learning harder.

02

What we did

The work, in the order it happened

We started where the risk was: securing web access and cloud usage. Having identified a web security and CASB (cloud access security broker) solution that fitted the school, we supported Sherborne Girls through onboarding, managing the conversations with the vendor and acting as an extension of the in-house IT team rather than another supplier to manage.

With web and CASB controls in place, we positioned and facilitated a comprehensive penetration test of the school’s network. The goal was twofold: surface any remaining vulnerabilities, and establish a clear baseline of where the school’s security posture actually stood.

Following the penetration test results, we assisted with the school’s DMARC configuration, closing off exact-domain spoofing, one of the most common ways an attacker impersonates a trusted school address.

03

What we delivered

Specific outputs

  • Web security and CASB solution selected and onboarded, with all vendor conversations managed for the IT team
  • A comprehensive network penetration test to find remaining vulnerabilities and baseline the posture
  • DMARC configured to prevent exact-domain spoofing
  • An ongoing Cybersecurity Resilience Assessment for a systematic, repeatable approach to cyber risk

04

What changed

For the client

Sherborne Girls came away with a measurably stronger security posture. With DMARC configured, students, teachers and other stakeholders are far better protected against exact-domain spoofing, and the school saw a significant reduction in the number of phishing emails reaching inboxes.

We continue to work with the school, using our Cybersecurity Resilience Assessment to keep a systematic approach to protecting against new and evolving cyber risks.

The way in which teachers teach and students learn is quickly evolving. It was clear that we needed to enhance our security, which Threat Protect helped make a simple and stress-free process, identifying and resolving a number of areas where we could improve our security posture, enabling our teachers and students to operate in a secure environment.
Tim Farr, Director of IT, Sherborne Girls

If you are in a similar situation

Bring the questionnaire. Or the alert. Or the question.

A 30-minute call with a senior advisor. We will tell you whether what we did for the Education, independent school above would translate to your situation, and what the next steps would be.

Book a call

Used once to reply, never added to a list. No nurture sequence.