6 Cybersecurity Tips for Schools

Fill out this form to receive free tips each week

Note: Many of our 400+ resources now require a low-cost membership to help us deliver great research and expert safety guides. Become a member today, login here, or have your district request a partnership to make these resources free for your community.

6 Cybersecurity Tips for Schools

March 29, 2021

You're not logged in! 
Become a member or log in to view this resource

District Admins and Principals: Request a partnership on this page to share our resources with your community.

Quotation marks

This is great info, thanks for giving me some ideas on how to start a dialogue with my teen!


Sharon M.

Parent VIP Member

Quotation marks

Josh's presentation about social media was unbelievably fantastic. Our students learned so much about what kids should and shouldn't be doing. The fact that it is such a thoughtful process made it all worthwhile.


Director of College Advising

Educator Webinar Attendee

Quotation marks

This webinar is a very helpful eye-opener on the apps that are popular with my students.


Irene C.

Educator Webinar Attendee

Green Zone

Parents and Teachers: This app is listed in the SmartSocial.com Green Zone.
We believe this app is a STARTING POINT for your student, but that you must monitor your student on every app they are on. Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com

Gray Zone

Parents and Teachers: Please note this app is listed in the SmartSocial.com Gray Zone.
Parents should participate in these apps with students to keep them safe.
Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com

Red Zone

Parents and Teachers: This app is listed in the SmartSocial.com Red Zone. We believe this app is not safe for students to use without adult supervision. Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com

Dangerous Social media challenges

Parents and Teachers: This app is listed as a Dangerous Social Media Challenge. Knowing about social media challenges before your teen does can help you keep them safe before an incident occurs. Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com

Table of Contents

, you're logged in! Thank you for your support. Enjoy your membership resources and videos.
6 Cybersecurity Tips for Schools an Expert Guest Blog by SmartSocial.com

Cybercriminals are getting savvy with their phishing emails and hiding malicious downloads. Every school is vulnerable to attacks from every individual email account on your network. We asked cybersecurity experts for best practices and warning signs for both students and staff to look for to avoiding phishing, ransomware, and malicious downloads.

1. Always use multi-factor authentication

Timothy Robinson, CEO and Cybersecurity Expert, InVPN

Headshot of Timothy Robinson
Timothy Robinson

Being a cybersecurity expert, there are many tools and techniques schools can use in addition to security awareness training to avoid cyber incidents. 

Phishing can be prevented by allowing multi-factor authentication (MFA) for all school facilities, including teacher and student email accounts and any other program that stores confidential information. It's also never too early for students to learn how to apply this method to their online lives outside of school.

With the volume of data brought in by remote learning, educational institutions can back up their systems on a regular basis and store backups in an 'offsite' spot. Offsite can be described as a location that is not linked to the main network, making it much more difficult for a criminal hacker to delete or encrypt backups.

2. Read tips from the Federal Trade Commission, FBI, and PBS

Aliza Vigderman, Senior Content Manager, Security.org

Headshot of Aliza Vigderman
Aliza Vigderman

Here are some clues that an email is potentially phishing, according to the Federal Trade Commission:

  • The email looks like it’s from a company you’re familiar with, whether that’s a social media site, a bank, a credit card company, etc.
  • The email tries to get you to click on an attachment or link, saying something like there’s a problem with your account, you have to confirm personal information, or you’re eligible for a coupon.
  • The email has a generic greeting that doesn’t use your name.

The easiest way for employees, staff, and teachers to avoid phishing, ransomware, and downloads in their professional communications is to download antivirus software on all of their work-related devices. Antivirus software scans for phishing, ransomware, and other types of malware, quarantining malicious software if it finds it so that it can’t affect the rest of the device.

As soon as students are granted access to school-provided email accounts is also when schools should start teaching students about phishing, ransomware, and malware. Being able to recognize phishing emails is essential for safe internet usage. There are a number of user-friendly digital security resources for kids that can teach them the basics of malware and cyber-attacks from organizations like PBS and the FBI.

3. Creating a cyber threat team and response before there’s ever an incident is key

Sidra Ijaz, Research Analyst, InvoZone

Headshot of Sidra Ijaz
Sidra Ijaz

There are many clues that an email is phishing. These emails are designed in a way that the victims respond and click on the links immediately. The content of such emails is specially designed to manipulate the emotions of the victims. For example, sometimes they have a sense of fear in them.

These are a few patterns in a phishing attack:

  • Such emails manipulate victims emotionally.
  • They have a sense of urgency.
  • Links look suspicious. The best way to identify phishing links is by using secure phishing detection services such as Google Transparency Report.
  • There may be spelling and grammatical errors.

Awareness is the key. The major source of ransomware attacks is phishing emails. For example, unaware employees can unknowingly assist in ransomware attacks by downloading malware through phishing emails. Awareness training of all the staff, teachers, and students can significantly reduce the impact of phishing and ransomware.

We have to change our cyber defense mindset from ‘incident response’ to ‘continuous response’. We have to adopt proactive cybersecurity measures against evolving ransomware attacks. These include offensive cybersecurity measures (such as ethical hacking and pen-testing), and cybersecurity drills. You can check the level of awareness and security culture in a school by launching a mock phishing attack.

Ransomware and phishing attack mitigation requires swift measures from incident response teams. Data protection and backup, forensic analysis, and disaster recovery plans are key to reduce the impact of the attack. School administration should work on developing a cybersecurity team.

As soon as students start using computers/smart devices is when schools should be teaching cybersecurity training to them. Students should be aware of the cyber threat landscape.

4. Read every sentence, review the sender’s email address, and look for spelling errors

Tom Kirkham, Founder and CEO, IronTech Security

Headshot of Tom Kirkham
Tom Kirkham

Here are some tips on how to spot a phishing email on your own:

  • Is it coming from a public email domain or a private email domain? It shouldn’t be coming from an email address with a public email domain. For example, you’re not going to get an email from someone at our company that says irontechsecurity@gmail.com. It’s going to be from an email address such as commandcenter@irontechsecurity.com. Make sure to look at the email address before you do anything else.
  • Are there spelling errors in the email address? Read the email and check for spelling errors. Check the sender’s email address for spelling errors. It will be an error that will be hard to spot and it looks correct at first glance. This happens pretty often because cybercriminals think you won’t be cautious enough to check the spelling. For example, they might spell Amazon like Arnazon. (They would change the m to an r and n to make it look like an m.)
  • Is the content grammatically correct or is it poorly written in general? If you get an email and it’s full of grammatical errors and not well written, that’s a sign it’s a scam. Actual companies/organizations aren’t going to make this mistake.
  • Is there an attachment or link in the email that you weren’t expecting? Hover your mouse over any unsure link or attachment. If the link isn’t what you are expecting, it’s possibly malicious. It’s better to be safe than sorry, so if you’re unsure about opening a link or attachment, ere on the side of caution and don’t open it.
  • Does the email sound strangely urgent? Some examples of this are when the email says they need money now or they need you to give them information ASAP. This isn’t realistic and can easily be debunked. They’ll usually pose as your boss, a senior executive at your company, or your bank because they think you are more likely to give these types of people sensitive information.

The best way to educate employees/staff on phishing emails, malware, and ransomware is by implementing a continuous cybersecurity training program. By enrolling your employees/staff in a continuous cybersecurity training program, you’re giving them the knowledge to keep themselves safe from cybercriminals.

When it comes to students, it’s best to educate students about phishing emails, malware, and ransomware as soon as possible. By doing this, you’re giving them the knowledge to avoid these types of attacks. The younger they’re able to recognize these things, the better it will be. Learning about how to stay safe online early on in life will be beneficial as they get older and use technology for college and their careers.

5. Provide fun, engaging, gamification cybersecurity training for everyone - students, parents, teachers

Andee Harston, Curriculum Manager, Infosec

Headshot of Andrea Harston
Andrea Harston

In this day and age, you must be extra vigilant when it comes to checking your emails for phishing attempts. There are several things you can do to determine if an email is a phishing email:

  • Hover (don't click!) over the sender's email address and check for any misspelled or suspicious domain names. Double-check the sender's email address and ensure it matches your expectations.
  • Read emails with caution that use words like immediately, cancellation, or notification. This is very likely an indicator that the email is a phishing attempt. Hackers often use psychological tactics to pressure users to respond quickly or out of fear.
  • Verify unexpected email attachments before clicking or downloading. Always contact a trusted secondary source to validate if the email is legitimate. This could mean calling a coworker from a phone number in your school/business directory and asking them if they sent an email or reporting the email as SPAM to your IT department.
  • Watch for misspelled words, grammatical errors, or strangely constructed sentence structure. A poorly written email may also be (but not always) an indication that it is a phishing attempt.

One of the best ways to inspire secure habits among faculty and staff is through relatable, relevant training that leverages educational best practices like microlearning and gamification. This starts with engaging training that helps faculty and staff understand why bad actors target schools and student data - and what they can do to protect themselves and their students. Where possible, we recommend using real-world examples to help make training real for educators.

You can start by implementing a good cybersecurity education program to educate teachers, employees, and staff to identify malicious emails. Train thoroughly and often, at least quarterly. Teach employees to question all digital correspondence and always, always trust their gut instinct. Then make sure employees know who to report suspicious emails to and how to report them using the school's incident response call tree or email reporting system.

Recommended topics include password complexity guidelines for home routers/computer assets, timely system patching, and good data privacy practices, including how to share information safely online and how to recognize phishing emails.

It's all of our responsibility to teach children about the security risks associated with email accounts and internet access. This is no different than teaching kids to look both ways before crossing a street; their safety and welfare depend on their ability to stay safe online.

Additionally, schools should consider an outreach program to parents. A fun monthly or quarterly newsletter, written and researched by students, helps educate parents and students simultaneously.

6. Use the old adage, ‘don’t talk to strangers’

Janis von Bleichert, Founder, EXPERTE.com

Headshot of Janis von Bleichert
Janis von Bleichert

Generally speaking, phishing, ransomware, and malicious downloads all have one thing in common: they require the user to 'get the ball rolling.’ Starting from that point, the best defense against getting infected with such files is to encourage faculty, students, or teachers to do nothing if they think something is 'fishy' or 'too good to be true’. 

Should a teacher or student have any doubt whatsoever about an email, a download, or an attachment, they should err on the side of caution. For schools, this can be done similarly to how students are instructed to 'not talk to strangers', albeit, in a digital context.

 Apart from instilling a very healthy dose of care when opening links or downloading files, it's also good to show faculty, staff, and students how to set up and use a (qualitative) and free antivirus or anti-malware suite. During our internal review process, Avast, Sophos, and AVG were the three best free suites we tested. Teachers can integrate installing and running virus scans into computer lessons, and show students how to engage real-time protection.

Finally, within browsers, it's a good idea to introduce students and teachers alike to ad-blocking extensions, since this can also close off a lot of the avenues for an attack that malware can use to establish itself on computers.


While there are a lot of preventative measures for cybersecurity, nothing is 100% guaranteed. If something looks fishy (pun intended), it probably is phishing. Look at every detail of emails, install quality software to scan against attacks, and keep up to date with how hackers and others are scamming people every day.

Logged in and still not seeing content? This course may not be part of your membership plan. Click here to join.

Share Your Thoughts With Our Team

Your email address will not be published. Required fields are marked *

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Become a Very Informed Parent (VIP) to get our social media suggestions in your email every Tuesday & Thursday.
Dotted arrow to right
Learn about our
"Very Informed Parent" 
VIP Program
Right arrow
Josh Ochs headshot Round
Schools & Districts: Partner with us to protect your community online

Our remote presentations (and website) teaches over a million students each year how to shine online. We teach students how their accounts can be used to create a portfolio of positive accomplishments that impress colleges and employers.

Partner with SmartSocial.com
Right arrow
SmartSocial podcast logo
Join Our Smart Social Podcast each week on iTunes

With over 240 episodes, Josh Ochs interviews psychologists, therapists, counselors, teachers, and parents while showing you how to navigate social media to someday shine online.

Listen on:

Apple Podcasts
Google Podcasts

Read More From Smart Social:

Read More Posts On Our Blog
Right arrow

Free Parent Night: 25+ Dangers On
TikTok,  Snapchat, Instagram, Fortnite, Netflix, YouTube & More (Multiple Dates).

Join Josh for a presentation that will teach you the hidden safety features of TikTok, Instagram, Snapchat, Netflix, Discord, Fortnite, Twitch & more! (Register Here)

Register For Our Free Parent Event
Right arrow
Parent Event: 25+ Dangers on TikTok, Snapchat, Instagram, Fornite, Netflix & YouTube by Josh Ochs SmartSocial.com