A Wake-Up Call for Public Sector Cybersecurity: What the Latest Council Attacks Are Telling Us

A fresh wave of cyberattacks is wreaking havoc across Scotland’s education system. Last Night, Edinburgh City Council confirmed a cyber incident affecting its schools’ digital infrastructure, with staff advised not to use Outlook, Microsoft Teams, or any school-based applications. Early reports suggest the attack stems from a phishing scam that has compromised internal systems, leaving critical digital tools inaccessible just as SQA exams begin. This breach follows closely on the heels of a ransomware attack on West Lothian Council, which shut down IT systems across 86 schools earlier this week. Though the council confirmed no data had been stolen, the disruption to operations has been substantial.

A Pattern Repeating: 2015 to 2025

Edinburgh City Council is no stranger to digital breaches. In 2015, the Council suffered a serious data leak when sensitive information on vulnerable residents was inadvertently published online. The incident exposed major flaws in data handling practices and served as a wake-up call for the public sector. Fast forward ten years, and the stakes are even higher. With schools deeply reliant on digital platforms for teaching, administration, and communication, any attack, whether ransomware or phishing, can bring operations to a grinding halt.

“This Isn’t Just IT, It’s Real-Life Disruption”

At Workflo Solutions, we work closely with local authorities and schools across Scotland, and we’re seeing first-hand how vulnerable the public sector is becoming to targeted cyber-attacks.

The timing of this latest incident couldn’t be worse, right in the middle of exam season, when schools rely heavily on digital platforms to function. What we’re seeing here isn’t just bad luck. These attacks are calculated, designed to cause maximum disruption when it matters most. This isn’t just about broken email systems or lost access to Microsoft Teams. It’s about eroded trust, rising anxiety for staff and students, and serious interruptions to learning. The ripple effects of an attack like this go far beyond IT, they affect people.

We’re urging every council not to wait until it’s too late. Cybersecurity can’t be treated as an afterthought anymore. Phishing simulations, endpoint protection, patch management, and regular staff training should be a given, not a luxury. We’re already working with public-sector partners to carry out security assessments and help build effective incident response plans, but there’s still so much work to be done. If you’re unsure how prepared your organisation really is, now is the time to take a closer look.

The Bigger Picture

These attacks aren’t isolated events. Across the UK, public-sector organisations, especially in education and healthcare, are becoming regular targets of cybercrime. The combination of outdated systems, stretched budgets, and a growing dependence on digital tools has left many councils wide open to increasingly sophisticated threats.

As investigations continue into the cyber incidents affecting both Edinburgh and West Lothian, one thing is painfully clear, the public sector needs to shift from firefighting to forward planning. We often say, you wouldn’t wait for a fire to break out before installing smoke detectors. The same logic applies here. Cybersecurity needs to be treated with that same urgency.

So, what should schools and staff be doing right now? 
While systems are being reviewed, we recommend the following precautions:

• Don’t click on unfamiliar links or open unexpected attachments
• Report any suspicious emails or login prompts to your IT team immediately
• Stick to official communications for any updates, avoid sharing unverified info

We're working with partners across the sector to minimise disruption and help organisations respond swiftly and effectively. We'll continue supporting councils, schools, and other public-sector bodies as they assess the damage, recover from incidents, and strengthen their long-term cybersecurity defences.

If your organisation needs help reviewing its cybersecurity or preparing for future threats, we’re here to help.