Back to school, back to scams part 2: Mitigation in motion

As students and faculty return to campuses across the nation this fall, they’re not the only ones getting back into the swing of things. Cybercriminals are also sharpening their pencils – or rather, their phishing emails and ransomware attacks – ready to exploit the unique vulnerabilities that make schools such tempting targets. Last week, we talked about some common scams and threats. This week we’ll look at more mitigation methods for managed service providers (MSPs).

The days when gum chewing and spitballs were schools’ biggest challenges are long gone. Nearly two-thirds of education facilities reported cyberattacks in 2024, while ransomware attacks against K-12 schools saw a 92% spike in recent years. Even more alarming, 91% of higher education institutions identified breaches or attacks according to the UK’s 2025 Cyber Security Breaches Survey, making them among the most targeted sectors.

What makes educational institutions such attractive targets? It’s a perfect storm of factors: they hold treasure troves of sensitive data, often operate with limited cybersecurity budgets, and maintain the open, collaborative environments that can make security implementation challenging.

To understand how educational institutions can better defend themselves, we checked in with two cybersecurity experts who work directly with schools and understand their unique challenges.

Getting leadership on board: The foundation of school cybersecurity

Brian Keeter, Senior Director at APCO, a global communication consultancy and business advisory firm emphasizes that effective cybersecurity starts at the top. His approach focuses on four key areas that every educational institution should prioritize.

Elevate cybersecurity to the highest levels

“The single best step for any academic institution is making the protection of sensitive information a priority at the highest levels,” Keeter explains. “For too long, educational leaders have relegated cyber protection to the MSPs or IT director, figuratively washing their hands of any responsibility. Without leadership’s involvement, MSPs and IT directors are often left without the mandate of an institutional priority or resources needed to do their jobs.”

This leadership gap is particularly concerning when you consider that approximately 60% of data breaches are attributable to insider threats, and many of these stem from inadequate training and awareness programs.

Revisit cyber hygiene training

According to Keeter, insider threats represent a massive vulnerability for schools. “Some reports indicate insider threats, either by accident or malicious intent, account for up to 60% of cyber incidents,” he notes. “Good digital hygiene results from consistent, up-to-date training, representing the school’s first line of protection. Educational leaders should revisit their training programs frequently, ensuring those programs address known weaknesses and emerging digital threats.”

This emphasis on training is backed by research showing that security awareness training reduces insider threats by 45%, making it one of the most cost-effective security investments schools can make.

Audit sensitive information

“Surprisingly, many schools do not fully know what sensitive information they have, where it’s held or how it could be compromised or exploited by threat actors,” Keeter observes. “A consistent routine of audits and assessments shows school leaders how and where to address vulnerabilities, gaps and weaknesses and puts them in a better position to respond quickly and strategically when an incident occurs.”

Update (or create) your incident response plan

Keeter’s final recommendation focuses on preparedness: “An incident response plan is like insurance. You hope you never have to use it but, if you do, you’re beyond thankful to have it. An incident response plan is a playbook to guide you through the short- and long-term aftermath of a cyberattack. It allows you to act strategically through scenario planning, key messages, holding statements, internal communication procedures, stakeholder contact lists and more.”

This preparation is crucial, especially considering that it takes 81 days on average to detect and contain an insider threat incident, and the longer detection takes, the higher the associated costs.

A comprehensive security approach

Bob Bilbruck, CEO of Captjur, strategic consulting and business strategy and integration firm, takes a broader view of the threat landscape facing educational institutions. “As schools face growing cyberthreats in 2025, MSPs and chief information security officers (CISOs) must stay vigilant and proactive in safeguarding sensitive student data,” he emphasizes.

Bilbruck identifies several key threat vectors that schools must address: “With rising risks from ransomware, phishing, DDoS attacks, and artificial intelligence (AI)-powered threats, it’s critical to implement a layered security approach. This includes adopting zero-trust frameworks, deploying multifactor authentication, ensuring regular software updates, and encrypting sensitive data.”

Like many experts, Bilbruck also points to the endpoint protection remains a critical focus for MSPs

“Schools should also invest in endpoint protection, develop strong incident response plans, and continuously monitor networks for anomalies,” Bilbruck continues. “Collaboration between MSPs and chief information security officers (CISOs) is key, from conducting routine audits to ensuring compliance with privacy regulations like Family Educational Rights and Privacy Act (FERPA) and General Data Protection Regulation (GDPR).”

The compliance aspect is particularly important, as schools must navigate complex regulatory requirements while maintaining the open access that defines educational environments. Bilbruck notes that this balance requires careful attention to both technical controls and policy implementation.

“Furthermore, educating staff, students, and parents about cybersecurity best practices and securing remote learning environments are essential for building a culture of cyber resilience in schools,” he concludes.

As cyberthreats continue to evolve, educational institutions must treat cybersecurity as a strategic priority, not just a technical concern. By fostering leadership engagement, investing in layered defenses, and building a culture of awareness, schools and MSPs can work together to safeguard the future of learning. The time to act is now, before the next breach becomes tomorrow’s headline.

Note: The article originally published on Smarter MSP.