Cybersecurity in Schools

Shadow AI in Schools: The Vulnerability No One's Measuring A teacher uploads a class list to a free AI tool to help generate personalised feedback. An admissions officer pastes parent emails into ChatGPT to draft responses faster. A HR manager uses an AI transcription service for a safeguarding meeting. Each is trying to work more efficiently. None has checked where that data goes, how it's stored, or whether their institution has sanctioned its use. This is shadow AI: tools adopted informally across organisations, outside IT oversight, without malicious intent but with real security implications. And in education, where sensitive data is everywhere and resources are stretched, it's growing fast. The risk isn't theoretical. In March 2021, a ransomware attack on the Harris Federation: one of the UK's largest academy trusts, left 37,000 pupils unable to access email. Devices issued to students were disabled. Phone systems went down. The trust was at least the fourth multi-academy group hit that month alone. Schools had become "soft targets"more dependent on IT systems after the shift to remote learning, but with security increasingly de-prioritised. That was before AI-accelerated attacks. Before tools like Claude could be manipulated into conducting 80-90% of a cyberattack autonomously, as Anthropic revealed happened this September. Before one in six breaches involved attackers using AI. If education was a soft target then, what are we today? The shadow AI problem compounds the risk. IBM's latest Cost of a Data Breach Report found 63% of organisations lack AI governance policies. Among those that experienced AI-related breaches, 97% had inadequate access controls. Every unsanctioned tool is a potential vulnerability; an unmonitored doorway in an already under-defended building. This isn't about restricting innovation. AI tools offer genuine benefits, and organisations using them effectively in security are cutting breach detection times by 80 days. But adoption without oversight is a gamble; and in education, the stakes include safeguarding data, student records, and institutional trust. For school, college and university leaders, shadow AI raises uncomfortable questions: Do you know which AI tools are being used across your organisation? What data is being shared with them? Who's responsible for assessing the risk? The attackers have AI now. The question is whether your governance does too. I'm running a session on this topic Wednesday morning https://lnkd.in/eW88h-fd What I'm listening to: “Ready or Not” The Fugees What I am reading: 1929 by Andrew Ross Sorkin What I'm Baking Tarte Tatin https://lnkd.in/eSvE6iyw See you in the kitchen Prof Rose Luckin UCL and EVR Ltd #ShadowAI #Cybersecurity #EdTech #AIGovernance #SchoolLeadership #DataPrivacy #HigherEd #K12

Cyber Smart from the Start: Defending Finland’s Future in the Classroom Finland has long been celebrated for its world-class education system and commitment to digital innovation. But as technology becomes increasingly entwined with everyday life, new challenges are emerging—especially for the next generation. The rise of misinformation, cyberbullying, and online fraud means that teaching traditional subjects is no longer enough. Today’s students must be equipped with the tools to think critically, act safely, and defend themselves in the digital world. Disinformation campaigns, particularly from hostile foreign actors like Russia, have become more frequent and more sophisticated. These campaigns are not limited to military or political targets—they affect everyday citizens, manipulating emotions, distorting facts, and undermining democratic values. Finnish students must be taught how to recognize propaganda, question suspicious sources, and resist the temptation to share unverified information. But media literacy alone won’t cut it. Our young people also need to understand personal cybersecurity—from using secure passwords and avoiding phishing scams, to managing their online identity and digital footprint. By integrating cybersecurity and disinformation awareness into the national curriculum, we can ensure that Finnish students grow up not just smart, but cyber smart—ready to protect themselves, and their country, from the digital threats of today and tomorrow. #cybersecurity #education #Finland #CyberHygiene #misinformation #disinformation #PrimarySchool #SecondarySchool #privacy #WhyCantWeDoThatHere #democracy

💻🔒 Wouldn’t it be cool if public schools had the funding to protect their networks like large corporate America? Here’s the reality: 📌 Not all school districts are the same size. In my district, our tech team is just me and five repair technicians. Most of their time? Tier 1 support and Chromebook repairs. 📌 Most public schools don’t have a dedicated CISO (Chief Information Security Officer). I know because I wear that hat along with many others. Cybersecurity threats are real, and public schools are prime targets yet our budgets rarely match the risk. So, how do we change that? ✅ Advocacy: We need to educate policymakers on the critical importance of cybersecurity funding. ✅ Collaboration: Share resources and best practices between districts. ✅ Creativity: Partner with vendors and leverage grant opportunities. And here’s an ask for the EdTech sales community: We need you, too. Because when public schools are properly funded and protected, you thrive too. More secure schools mean more opportunities to deploy solutions, train staff, and grow your market. So let’s work together: 🤝 Educators, policymakers, and EdTech vendors let’s advocate for a safer digital environment for every student. 👉 How are you addressing cybersecurity with limited resources? 👉 EdTech sales leaders: how can you help us move this needle together? #Cybersecurity #Education #EdTech #SchoolSafety #Funding

This is why I teach cybersecurity through gaming + real life. 🎮📱 Last summer (July 2025) in Maryland, I taught middle school + rising high school students digital safety using what they already live in every day: gaming, streaming, and social media. Two real-world moments unlocked the biggest learning: • Angel Reese openly sharing how cyberbullying impacted her life • Kai Cenat becoming a real example of how fast online visibility can turn into digital risk That conversation made one thing crystal clear for the students: Status doesn’t protect you. Visibility can make you a target. We used those examples to break down: • cyberbullying + harassment • account takeovers + impersonation • scam tactics aimed at teens • and what it feels like when your school gets hacked (because theirs was) Not fear. Not theory. Skills. Awareness. Confidence. And honestly? This kind of education is still at the center of my work, whether I’m mentoring emerging cybersecurity professionals or leading security awareness conversations. Because teaching is how we scale safety. Thank you to PEOPLE FOR CHANGE COALITION, and partners like Truist Bank for supporting youth cybersecurity education. If you’re building or funding cyber education initiatives across #healthcare, #schools, or #sportstech, I’d love to collaborate. Cybersecurity literacy is safety literacy. (Photos shared with parents permission.) #CyberEducation #DigitalSafety #Cyberbullying #DigitalFirstResponder #CommunityImpact #HealthcareCybersecurity

250+ districts in, here's what teachers actually taught me about cybersecurity: They don't care about our industry jargon. They care about keeping kids safe. 🛡️ After 300,000+ users, the pattern is clear: Teachers who've been phished feel shame. IT directors who've been breached feel alone. Business managers who've wired money to scammers feel stupid. They're not. They're human. Here's what actually works: Stop selling fear. Start teaching confidence. Stop pushing compliance. Start building habits. Stop talking tech. Start speaking human. The best cybersecurity lesson came from a kindergarten teacher in Ohio: "If 5-year-olds can learn to look both ways before crossing the street, adults can learn to pause before clicking links." She was right. 💡 So we rebuilt everything: • 3-minute lessons (not 45-minute modules) • Real stories (not fake scenarios) • Celebration (not shame) • A squirrel that makes it... fun? 🐿️ The results across 200 districts: ✅ 94% completion rates (industry average: 30%) ✅ 73% fewer phishing clicks ✅ Zero successful ransomware attacks But here's what matters most: That teacher who felt shame? Now she's our security champion. That IT director? Built a community of 50+ peers. That business manager? Caught 3 fraud attempts this year. Teachers taught me cybersecurity isn't about technology. It's about people feeling empowered, not embarrassed. What have your users taught you about your product? 👇 #Cybersecurity #EdTech #K12Education #TeacherVoice #CyberNut #HumanCenteredDesign #SecurityAwareness

🔐 Imagine if cybersecurity was a core subject in secondary schools. Not a club. Not an optional workshop. A real part of the curriculum like Biology or Civic Education. What if every student could confidently: • 🔐 Protect their data and devices • 🧠 Spot scams, phishing, and online manipulation • 💬 Navigate social media responsibly • 🌍 Understand that cybersecurity isn’t just tech it’s about protecting people By SS3, they’d be creating school-wide cyber safety campaigns or exploring careers in ethical hacking, AI security, cybersecurity law, and digital forensics. With Nigeria’s growing digital economy and the rise in cyber threats, early education isn’t just important it’s urgent. And here’s something I truly believe: If a child grows up understanding digital safety, they can influence their parents too. It’s another way to build better cybersecurity awareness across Africa from the home, outward. We need to raise a generation that’s not just online, but cyber smart. Would you support making cybersecurity part of the national curriculum? Dr. ‘Bosun Tijani NITDA Nigeria CyberSafe Foundation CompTIA Cisco EPICS Educational Technology for Africa (EdTechAfrica) TechCabal AfricaCERT Olusola Amusan Let’s spark the right conversations. #Cybersecurity #DigitalEducation #Nigeria #CyberSmartGeneration #YouthEmpowerment #EdTechAfrica #CyberTalksWithJojo

"How early do we start cyber education?" - Ana Forsyth at KPMG Australia. Cyber Safety vs Cyber Security Cyber safety focuses on keeping identities and individuals safe, while cybersecurity is about protecting devices and data. Both are important. When should kids start learning about tech safety? Ana's perspective: 1️⃣ Awareness should start as soon as a child interacts with tech (even in early childhood). 2️⃣ Formal cybersecurity education can begin around ages 6-7, tailored to their understanding. 3️⃣ But it’s not just about children. Parents, teachers, and even governments play their own roles: 👩🏫 Teachers need ongoing training and better resources to incorporate cybersecurity into their curricula. 👨👩👧 Parents must be empowered with knowledge to guide their kids. 🏛️ National bodies, like governments, should step up with frameworks that integrate education, industry, and community efforts to foster long-term resilience. Ana shared insights from her PhD, on the importance of building pathways between schools, vocational education, higher education, and industry involvement. 🛠️ Practical steps we can begin: 1️⃣ Educate and empower teachers with relevant training. 2️⃣ Foster opportunities for industry to collaborate with schools through talks and work experience programs. 3️⃣ Promote awareness campaigns for parents and provide straightforward resources to guide their conversations about online safety with their kids. Please don't forget to follow the show for the latest interviews and updates. 🩵