Digital tools have become essential to teaching and learning, but they have also made schools prime targets for cyberattacks. Public schools are particularly vulnerable because they often operate with limited budgets, outdated technology, and small IT teams — conditions that make them easier for attackers to exploit.
The risks are not hypothetical. Research shows that around eight in ten schools have experienced at least one cyber incident over an 18‑month period. From ransomware to phishing scams, these disruptions can halt teaching and put sensitive student data at risk.
In a recent episode of the Harvard EdCast, Cybersecurity: The Greatest Threat Schools Aren’t Ready For, host Jill Anderson spoke with Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, about why schools remain so vulnerable and what educators can do to better protect students and staff.
Below, we have highlighted the key takeaways for schools — the most important insights from the conversation that can help leaders and teachers strengthen their approach to cybersecurity.
Key takeaways:
- Human Error Is Often the Weak Link: Most breaches do not require sophisticated hacking. They happen because of basic mistakes — such as clicking on a phishing email, reusing passwords, or failing to update software.
- Threats Are Evolving Quickly: Ransomware remains a common way schools are targeted. Newer threats such as AI-driven phishing and even deepfake voice scams are beginning to appear and may soon pose added challenges.
- Insurance Is No Silver Bullet: Cyber insurance is now harder to secure without meeting minimum security standards, meaning schools must take proactive steps before they can even qualify for coverage.
- Leaders and IT Teams Need to Talk: One of the biggest challenges is the communication gap between school leaders and IT staff. Plaggemier notes that translating technical risks into plain language is key to getting support for investment in cybersecurity.
- Students Need to Be Part of the Solution: Safe online habits start in the classroom. Teaching children not to share passwords and to spot suspicious links is as important as any firewall.
- Four Simple but Effective Practices:
- Teach phishing awareness: including scams via phone and text.
- Stay on top of software updates: patching reduces easy entry points.
- Enable multi-factor authentication (MFA): across all school accounts.
- Use strong, unique passwords and reliable backups: keep backups separate from main systems to prevent ransomware from spreading.
Cybersecurity may not always be top of mind in education, but ignoring it comes at a steep cost. As Lisa Plaggemier stresses, it is not a matter of if a school will face an attack, but when. Strong recovery plans, awareness training, and the right technical safeguards are essential to building resilience. Small, deliberate changes — from staff training to MFA to stronger backups — can dramatically reduce risk.
For a deeper dive into this issue, you can listen to the full conversation here: Cybersecurity: The Greatest Threat Schools Aren’t Ready For.
Facilities Management That may Be Of Interest:
Get a special discount by quoting code AISLMALL during CHECKOUT.
CPOMS – Safeguarding and Wellbeing Solution for Schools
With a mission to enhance Child Protection and wellbeing within schools, CPOMS, a Raptor Technologies company, offers a suite of products that allows schools to efficiently manage and monitor safeguarding concerns. Our dedication to safeguarding aligns with the ever-evolving needs of educational institutions, making CPOMS a trusted partner to 20,000+ schools in ensuring the welfare of children.
Engage – School Management Information System
Engage is a powerful and flexible platform delivering effective communication, control, reporting and insight across your school. An inclusive system, effortlessly linking admissions, academic and administrative departments, daily teaching, learning and activities operations, with seamless accounts management for staff, teachers and parents, and so much more. Learn about how Engage and other EdTech products from Education Horizons help the whole school community.
iSAMS – School Management Information System (MIS)
iSAMS is a cloud-based school management information software helping Independent and International schools run more efficiently. To date, iSAMS is present in schools across 90 countries across the UK, Ireland, Europe, the Middle East, Asia, North America, South America, Africa and Oceania.
Tes MyConcern – School Safeguarding Software
Tes MyConcern is a secure safeguarding software that combines all the essential safeguarding tools you need in one easy-to-use platform. It simplifies record-keeping and case management for student concerns and staff allegations and supports anonymous reporting, giving you a clear and complete picture of student safety in your school or trust.
Tryangulate – Teaching Tracker System
Tryangulate is a platform for tracking teaching skills and supporting development. It helps you by streamlining the evidence collection process, and providing you with rapid analysis to support strategic planning. Testimonials include: ‘Tryangulate has been very beneficial in setting up a consistent, evidence based and supportive approach to our teachers’ development.
