6 practices to enhance your school’s cybersecurity after the PowerSchool data breach

Administrators aiming to boost cybersecurity in schools now face a growing problem: extortion.

PowerSchool, which provides tech solutions for K-12 educational institutions, confirmed a major data breach in December 2024. During the breach, hackers exposed sensitive student and staff information, including names, contact details, Social Security numbers, medical records and passwords.

Although the incident was initially resolved, cybercriminals have since begun attempting to extort individual schools by threatening to release their data. Multiple school districts are also now suing PowerSchool over damages incurred by the breach.

Because the PowerSchool data breach is just one of a growing trend of cybersecurity incidents in the education sector, now is a critical moment for you to evaluate your cybersecurity readiness and vendor management practices.

Here are six best practices for cybersecurity in education you can use to mitigate the risks of a data breach in the future.

1. Assess vendor education data security practices and strengthen risk oversight

The PowerSchool hack is not the first edtech data breach — and frankly, it won’t be the last. Your school should adopt a proactive and structured approach to managing third-party cybersecurity risk by taking several specific steps.

To start, figure out how much of your data any vendors actually have. You can do this by creating a vendor inventory with data classifications that highlight what information each individual vendor can access so that you can make sure you’re not sharing anything you don’t need to.

You also want to evaluate whether your vendors practice responsible cybersecurity. Consider implementing standardized security questionnaires during procurement to assess vendor cybersecurity maturity.

Additional useful steps include:

• Reviewing contracts for key clauses such as breach notification timelines, data encryption standards and vendor incident response obligations.
• Monitoring vendor risk continuously, not just at onboarding. Use cybersecurity rating services or periodic reviews to stay informed.

2. Update and test your school data security incident response plan

Ideally, you already have a cyber incident response plan in place. But your plan is only effective if it’s current, accessible and practiced.

Be sure to regularly update contact lists and escalation paths. This is especially important for IT, communications, legal and school leadership.

You should also clarify roles and responsibilities across internal teams and external partners, including vendors and cyber insurance providers. Document specific protocols for ransomware, data exfiltration and third-party breaches, as each scenario will require a unique response.

If a breach does occur, you should be ready to talk about it. Communicate the facts and your response efforts to all, including students, staff, parents and media outlets.

3. Conduct tabletop exercises on cybersecurity in education scenarios

Tabletop exercises simulate real-world cyber incidents to test response capabilities and identify gaps. Think of this like a fire drill for a cybersecurity event.

According to DRI International, a leading nonprofit in business continuity and resilience education, a cybersecurity event is more likely than a fire or major facility event, yet schools tend not to focus enough on tabletop exercises. Common scenarios you should prepare for in your school include:

• A ransomware attack that locks access to student records.
• A third-party vendor breach exposing PII or other sensitive information.
• A phishing campaign that compromises administrative email accounts.

When you run a tabletop exercise, don’t just include IT staff. Involve legal, communications, HR, school administrators and even a few teachers to help ensure a holistic response.

4. Invest in school cybersecurity awareness and culture

Human error is still a top cause of data breaches. Building a cybersecurity-aware culture is as critical as any technology investment.

Key actions here include:

• Provide regular training tailored to staff roles — teachers, administrative personnel and leadership all face different risks.
• Conduct phishing simulations to test and improve user resilience.
• Empower staff with easy-to-follow guidance on reporting suspicious activity.

5. Purchase proper cybersecurity insurance

Cybersecurity insurance helps your school mitigate financial risks from cyber incidents. To make sure your coverage is good enough, follow these four steps when choosing a plan.

1. Conduct a thorough risk assessment to understand vulnerabilities and potential financial impacts. This assessment should involve key representatives from the school, including IT, legal, finance and administration.
2. Compare insurance providers and policies to find the best fit for your school’s unique needs. Look for providers with experience in the education sector and a solid track record in handling cyber claims.
3. Pay close attention to policy terms, exclusions, and limits. Make sure the policy covers various types of cyber incidents, including ransomware, data breaches and business interruption.
4. Regularly review and update insurance coverage to keep pace with evolving threats and changes in the school’s operations.

6.Partner to enhance your school’s cybersecurity resilience

You don’t have to manage your school’s cybersecurity risks alone. Pursuing strategic partnerships can help fill capability gaps.

For example, engage third-party cybersecurity experts to conduct risk assessments, do penetration testing or provide virtual chief information security officer (CISO) support.

You can also leverage state and federal resources, including the K12 Security Information Exchange (K12 SIX) and free services for education entities offered by the Cybersecurity and Infrastructure Security Agency (CISA).

And use your network. Collaborate with peers to share promising practices, lessons learned and bulk-purchase solutions.

The PowerSchool data breach is a reminder that cybersecurity is not just a technology issue — it’s a leadership imperative. Schools must move from a reactive posture to one of resilience, embedding cyber preparedness into procurement, governance, communications and culture.

By adopting the strategies above, education leaders can not only protect sensitive data but also preserve trust — an increasingly vital asset in today’s digital learning environment.

How Wipfli can help

If you want to enhance your school’s cybersecurity and data protection strategies, Wipfli can make it simple.

Ask for anything, from an assessment of your current cybersecurity capabilities to help harden your systems to running tabletop exercises, tracking threats and even 24/7 monitoring and data recovery.

To learn more or get started, contact an advisor today.