Supporting cybersecurity in education

Many schools across the globe use technology in the classroom, from smart whiteboards to tablets to laptops and more. Students often utilize their devices to perform research, complete assignments and support learning outcomes – both at school and at home.

When students leave school, they don’t leave how they interacted with these devices behind. This is why it’s critical that students aren’t just told what rules they must follow; they must be taught good digital citizenship and how to be safe online. This isn’t always easy — there are countless threats and inappropriate content on the internet, all within a fingertip’s reach. Schools are forced to grapple not only with learning and teaching but also with internet best practices for teachers, administrators and students alike.

The U.S. Department of Education Office of Educational Technology recently published a K-12 digital infrastructure brief to provide guidance on how to build a resilient and secure digital infrastructure at K-12 institutions. In this blog, we’ll talk about:

• Recent cybersecurity incidents targeting Edu
• The ideas included in the K-12 brief
• And how Jamf can help schools meet their goal of safe and productive internet exploration

Cybersecurity landscape impacting the education sector

Education is among the top sectors being targeted by threat actors globally. In the Verizon 2025 Data Breach Investigations Report, they found that malware topped the list with 42% of the top actions in educational services breaches. While many malware variants contribute to that figure, it was noted that ransomware attacks surged 69% in Q1 2025 from the same time period the previous year, according to a report by Comparitech.

What does this trend mean for Edu?

Unfortunately, the trend indicates that threat actors are ramping up attacks against schools around the world, in similar fashion to other government-funded institutions.

Recent threats by the numbers

School/District: Coweta County School System (CCSS)

Location: Georgia, US

Incident: CCSS reported an apparent network intrusion occurred Friday evening, May 2, 2025. In an attempt to steal sensitive data, threat actors disrupted standardized testing services over the weekend in three high schools. While it was not confirmed if student and/or employee data was compromised, it was reported that internal systems were hampered in the days following the incident.

School/District: Toronto District School Board (TDSB)

Location: Toronto, Canada

Incident: An attack led to threat actors obtaining and leaking a cache of student data enrolled in TDSB since 1985(estimated 1.5 million students). The data breach however, stems a supply-chain attack against PowerSchool – a developer of student information solutions (SIS) for K-12 schools districts – in which the sensitive data was exfiltrated and later ransomed. However, despite PowerSchool having paid the ransom, TDSB officials received a ransom note of their own (referred to as double-ransom), requesting the amount be paid under threat of leaking the regulated data publicly.

School/District: City of Edinburgh Council Schools

Location: Edinburgh, Scotland

Incident: Following a spear-phishing campaign that targeted school staff on May 10, 2025, school officials decided to reset all stakeholder passwords across the entire education service. This resulted in extensive delays during a crucial time of year when students are studying for key exams. Due to precautions being taken, access to digital study materials and collaboration software remained unavailable until students received their new password in person.

Internet usage in schools

The internet is an unavoidable part of life — as much as we might like young students to avoid the world wide web, at some point they are going to use it for work, entertainment, networking and more. Creating a safe place for students to explore their curiosity and take advantage of tools the internet has to offer is critical for schools as they educate the next generation of digital citizens.

To take advantage of the internet, schools should consider:

• Prevention over inspection – prevent access to risky, inappropriate or dangerous sites without surveilling every action students make
• Allowing students the freedom to explore while educating them on how to browse safely
• Teaching “curiosity within restraint” so students learn what’s right, not unexplained rules that say what to do or not do

This isn’t a simple ask.

Schools are a vulnerable target for cyber criminals, as they hold a host of personal information – often without adequate security protections. In 2022, 78% of schools were victims of cyberattacks in the UK, 45 school districts in the US were hit with ransomware attacks and Australian schools were attacked, on average, every seven minutes. However you slice it, schools are being targeted by cyber criminals, and many institutions don’t have the resources or know-how to maintain school network security.

So, what can schools do to keep up?

Creating a comprehensive internet safety framework

Building an internet safety framework that prioritizes safeguarding students and a school’s network is just as critical as protecting student data. It goes beyond educational cybersecurity solutions to involve school faculty and staff, students and parents. To start with IT, these are some tools and procedures that can start the process:

• Content filtering to automatically restrict inappropriate content
• Threat prevention software to mitigate and prevent cyber threats
• Training programs that educate students, teachers, parents and administrators on cybersecurity best practices

Schools should examine their risk profile — what are the weakest points that could allow an attacker into their system? This includes all users on their devices and networks, as well as any vendors connected to school resources. After this evaluation, it’s time to:

• Establish preventative measures that balance ease-of-use and security holes that this might open up.
• Keep software up to date.
• Create a solid recovery plan in the event of an attack that mitigates the impact of an attack and gets operations back to normal as soon as possible.
• Develop a long-term resilience plan to evolve with cyber threats and keep ahead of attacks.

Teaching digital citizenship

Users are a key weak point in any security system. To address this, schools can:

• Design age-appropriate internet safety curricula for students.
• Train faculty and staff to recognize and respond to online risk.
• Encourage parental involvement and collaboration in promoting safe internet habits, especially if devices go home with students.

Education is more effective than restricting total access; students are protected based on their own knowledge rather than device behavior, setting them up for success once they aren’t using school-sanctioned devices.

Jamf Safe Internet

Jamf Safe Internet integrates with Jamf School to protect Apple, Google OS and Windows OS devices. Jamf Safe Internet is accessible to teachers and IT technicians alike, and includes preset or customizable security policies. Its powerful content filtering capabilities provide enterprise-level protection, include a database of nearly two million filterable domains and use machine learning to evaluate network risks in real time.

Jamf Safe Internet prevents students from accessing inappropriate sites and blocks malicious links. For example, if a student receives a convincing phishing email and clicks on the link, Jamf Safe Internet will restrict access to the site, preventing students from giving away critical information that puts them and your network at risk.