A misplaced USB. An innocent-looking app. A quick click on a pop-up. It doesn’t take much for a classroom to become the entry point for a cyber threat. While many schools focus on firewalls and filters, the biggest risks often come from human habits. Building awareness and everyday good practice is just as important as having the right software.
This article offers a practical guide for teachers and IT staff to help students and colleagues stay safe, alert and cyber aware, no matter the education level.
Cyber Safety Starts With Behaviour, Not Just Tools
Many schools have invested heavily in network protections, but these only work well when users behave in ways that support them. A staff member who downloads an app without checking its source can bypass even the strongest security setup.
The same goes for students. Younger children may not understand the risk of clicking “Allow” on every prompt. Older students might download games or productivity tools that collect data or open backdoors for malware. That’s why digital habits need to be taught, reinforced and modelled.
Think Before You Click: Vetting Apps and Downloads
One of the biggest issues in schools is unvetted apps. These are apps or programs downloaded from app stores or the web without proper checks.
Some apps:
- Ask for excessive permissions like access to microphones or cameras.
- Contain malware or spyware bundled in.
- Store data in unsecured or offshore servers.
Even something as basic as installing a free calculator app can open the door to data harvesting. The safest app is the one you’ve checked first.
- Develop a clear list of approved apps. This should be regularly updated and shared across departments.
- Encourage a pause-and-check culture. Before downloading anything, ask: Who made it? What does it need access to? Is there a safer alternative?
- Use tools like Mobile Device Management (MDM) software where possible, especially for school-owned devices.
- Run staff training sessions where examples of malicious apps are shown and explained.
The Dangers of “Found” USBs
Plugging in an unknown USB might seem harmless, especially in a rush to print a document or move a file. But USBs are one of the easiest ways for bad actors to install malware, steal data, or damage a network.
In a 2016 experiment, researchers dropped USB sticks in public spaces. Over half were plugged in by curious passers-by. The same behaviour is seen in schools and universities.
For IT teams, it’s worth running a simulation exercise: drop a few marked USBs around and see how many end up being used. It can be a powerful teaching moment.
- Never plug in unknown USBs, even if found in the classroom or staffroom.
- Use labelled, school-issued USBs for all work-related transfers.
- Encourage students to use cloud storage (like Google Drive or OneDrive) instead of USBs.
- Consider blocking USB ports on student devices unless explicitly needed.
Phishing Isn’t Just for Email
Students and staff often think of phishing as dodgy emails offering prizes. But phishing today includes:
- Fake login pages for school portals or online learning tools.
- Messages on platforms like Discord or WhatsApp pretending to be classmates or admins.
- QR codes leading to fake sites.
Everyone should know how to check links before clicking. On desktop, that means hovering your mouse over the link to preview the address. On phones, it’s about pressing and holding to preview.
- Create a quick quiz where staff must spot fake versus real links.
- Include phishing awareness in digital literacy programs for students.
- Share examples of real phishing attempts (with sensitive info removed) to show how convincing they can be.
Strong Password Habits Start at School
Weak or reused passwords are still one of the most common ways systems are breached. A student using “password123” on their school login puts not just their work, but the whole system, at risk.
For teachers, it’s important to model these behaviours. If staff are writing passwords on sticky notes or reusing the same one across platforms, students notice.
- Use passphrases, like “redchair4windowjump” instead of a single word.
- Don’t share passwords, even with friends or classmates.
- Turn on multi-factor authentication (MFA) wherever possible.
- Change passwords when prompted, not months later.
Set the Tone: Make Cyber Safety Part of School Culture
It’s not just devices and apps that need managing, online behaviour is just as important. As more teaching and collaboration moves online, both staff and students need clear guidance on how to interact safely, protect personal details, and respond to cyberbullying.
Most schools now use platforms like Microsoft Teams, Google Classroom, or Canvas. These are designed with admin controls and moderation tools. But students still use external platforms like Discord, Reddit or WhatsApp for study groups or peer chats. While not all use is harmful, it can get out of hand quickly if not supervised.
- Encourage use of approved platforms where content and conduct can be monitored.
- Remind students and staff never to share personal information online, including addresses, phone numbers, passwords or even full names on public forums.
- If third-party tools are used, have a discussion about risks and set ground rules on what’s appropriate.
Cyberbullying can happen in any digital space. That includes group chats, comment threads, or even game-based forums. It often starts subtly, mocking, exclusion, or misuse of photos but can escalate quickly.
Online safety isn’t just about blocking the bad stuff. It’s about creating a culture where everyone thinks before they type, posts with kindness, and uses digital tools with respect.
- If something feels off, tell a trusted adult, you won’t get in trouble for speaking up.
- Don’t forward or screenshot bullying messages. That spreads harm and may breach school rules.
- Think before posting anything: Would you be OK if a teacher, parent or employer saw this?
- Identify signs of bullying online (change in student behaviour, reluctance to use devices, vague references to online drama).
- Record and report incidents using school policies.
- Work with IT and wellbeing teams to take action without making the victim feel exposed.
Understanding AI in the Classroom: Privacy, Prompts and Digital Awareness
With the rise of tools like ChatGPT and image generators, students now have powerful platforms at their fingertips. These tools can support learning, but they also come with risks that staff need to understand.
One common issue is oversharing private information. Many people, including staff, don’t realise that inputting personal or sensitive data into an AI platform can lead to unintentional data exposure. These tools often store prompts to improve performance.
Another growing issue is students using AI to bypass filters or generate inappropriate content. Some share prompt hacks that get around safety blocks, like writing offensive content in another language, then translating it back.
Being tech-aware doesn’t mean being a coding expert. It means asking questions like: Where is this data going? Can this tool be misused? What are the digital footprints left behind?
AI will keep evolving. Schools don’t need to ban it, but they do need to guide it. When teachers and IT staff lead with understanding, students are more likely to use these tools in ways that support learning, not replace or undermine it.
- Explore the tools yourself so you know what students can access and how they’re using it.
- Work with IT to implement AI usage policies across devices and learning platforms.
- Teach students about ethical AI use, not just what’s possible, but what’s responsible.
- Never paste in student names, assessment records, or private correspondence.
- Avoid using AI tools for writing student reports, formal parent communications or anything involving confidential data.
- Treat AI chats like public forums, assume everything is visible beyond your screen.
Set the Tone: Make Cyber Safety Part of School Culture
Cyber safety isn’t a one-off lesson. It’s something that should be embedded in everyday language and practice.
Students should feel confident saying, “I think I clicked something I shouldn’t have.” That reaction time can be the difference between a close call and a major issue.
- Include cyber safety tips in weekly bulletins or staff updates.
- Use screensavers and posters in computer labs with key reminders.
- Make time in PD sessions to go over recent threats or best practices.
- Encourage students to report anything suspicious without fear of being punished.
Practical Next Steps
To keep both staff and students cyber safe, schools should:
- Run regular awareness training, tailored to different year levels and roles.
- Audit app usage and device settings on a term-by-term basis.
- Review policies around USBs, app downloads, and personal devices.
- Encourage reporting of strange behaviour, pop-ups or devices.
The risks will keep changing, but good habits, critical thinking, and a cautious mindset are timeless. By working together, IT and teaching staff can create an environment where safety is second nature, not just a checkbox.
Building a Culture of Cyber Awareness
Cyber safety isn’t just an IT problem, it’s everyone’s responsibility. From teachers choosing the right app, to students learning what not to share online, every action contributes to a safer digital environment.
In classrooms across primary, secondary, TAFE and university settings, the risks are real, but so are the opportunities to teach good habits. Whether it’s pausing before plugging in a USB, thinking twice about what gets posted in a group chat, or knowing when to report something suspicious, these small moments matter.
Creating a cyber-aware culture means making safety part of everyday thinking, not just a once-a-year training. Staff and students alike need to stay curious, ask questions, and understand the tools they use, not just how they work, but what they might expose.
By working together, schools can build learning spaces that are not only connected, but safe, respectful and digitally strong.
Thank you for reading, and if you found a part of this useful. Share so it can help others.
Also go come check out my channel on YouTube
