How to safeguard your school against cyber threats.

A significant threat to schools with sensitive data on students, parents and teachers.

Cyber attacks are a major concern for many organisations and especially schools. It is one of the significant threats to schools  due to the sensitive data held relating to students, parents and teachers. Schools are expected to ensure there is no unauthorised access to this information and that it remains safe and secure. Data breaches and cyber attacks can lead to reputational damage, business interruption, investigation and recovery costs and even legal repercussions which can be very costly. It is highly crucial for schools to place greater importance on establishing and maintaining an effective strategy and controls to mitigate cyber attacks.

Some of the cyber threats for schools and how your school can respond effectively:


The practise of sending legitimate looking emails that will lure users to reveal personal information or follow the instructions on the email to disclose information that should not be shared. These are becoming more difficult to detect and differentiate, especially since emails are the primary method of communication in schools among staff and students.


  • Train teachers and staff to identify any suspicious emails received and report them.
  • Ensure an effective filter system is in place to detect and quarantine any suspicious emails.

Data breach

The unauthorised use of confidential and sensitive information. Schools store and collect significant amounts of data about teachers, parents and students which are highly confidential.


  • Train teachers and staff on how to safely and securely handle confidential information.
  • Implement an effective encryption service for any form of data that is communicated internally and externally.
  • Consider having cyber insurance to mitigate some of the costs in case a breach should occur.
  • Establish well-designed policies and processes in case of a data breach which includes an action plan.


A type of malicious software that is designed to block access to data and requires a ransom to be paid in order to regain access to that data. For schools, the threat of criminals sending harmful emails to parents and students unless the demand for ransom is met.


  • Have effective antivirus software on all devices in the network that is maintained and updated regularly.
  • Back up all the data frequently and automatically as a way to mitigate the risk of any loss of data.
  • Ensure that no software is installed without appropriate IT authorisation and permission.

Other recommendations

  • Technology is advancing at a rapid pace, hackers are becoming more innovative in their approach. Hence, it is crucial for teachers and staff and even students to be fully aware of this by having regular cyber security training and courses to stay on top of cyber threats.
  • As more students are bringing their own devices to school, cyber threats are likely to increase. It is very important for schools to implement policies and processes to meet this challenge and mitigate the risks.
  • Currently, there is more of a focus on prevention and not enough on response. Schools must develop an action plan that focuses on all areas from prevention to response and recovery.

It all comes down to schools having policies, controls and training in place to tackle these cyber threats, and the most important step is this has to be done regularly for it to be effective. If you have any queries in relation to this article, contact our Audit Specialists for more information on (03) 9835 8200.

About the Author
Amier Safaei , Melbourne
Want to join the team?