In Cybersecurity Awareness Month, stay vigilant and cover your Google Workspace defence line from young insider intruders.
Did you know that hackers attacking schools are increasingly the same age as the students?
To be more precise, they are sometimes students at the same school.
With cybersecurity attacks having recently become commonplace for educational institutions, they must also be prepared to face this challenge from within. Acting for various reasons, teenage hackers can exploit school systems, devices, and accounts, putting confidential data at risk.
Let’s explore what this new challenge for Google admins involves and how to discourage young cyberattackers from targeting your school.
Teen Hackers, a New Insider Risk for Schools
Between 2022 and 2024, teenagers were responsible for 57% of school data breaches in the UK.
Interesting fact: they usually hacked their own schools.
The most common method for accessing confidential school information was not breaking in, but simply entering the correct user passwords. Teenagers just guess them or find them written down on paper. They also take advantage of staff mistakes, such as leaving unlocked devices, sharing data with personal devices, and improper data access settings.
From Teen Pranks To Real Crimes
While students admit to trying to hack school systems for fun or out of rivalry, these challenges, when successful, can cause severe damage. The costs of restoring critical school infrastructure, stopping the further public disclosure of private data, and recovering school reputation aren’t so funny, though.
Young hackers are often open-minded and able to experiment with unconventional methods, sometimes lacking in ethics and imagination.
In September 2025, two 17-year-olds attacked a chain of nurseries in London. They stole names, pictures and addresses of 8.000 children and parents and then posted some of them publicly, demanding a £600,000 ransom. The attack has been described as “a new low” in cybercrime. Fortunately, it finally took an unexpected turn: teenagers withdrew their claims and deleted all files.
When Attacks by Young Hackers Are Simply Malicious
Data breaches that compromise children’s personal data cause outrage among parents, politicians, and local communities. This is especially true when unscrupulous hackers extort an institution into paying a ransom.
In June 2025, a 19-year-old hacker from Massachusetts pleaded guilty to taking part in the largest student data breach in history. A few months earlier, as a part of a hacking group, he stole the sensitive data of 60 million students and 10 million educators from the edtech company PowerSchool. The ransom demand was nearly $ 3 million.
It wasn’t the first cybercrime committed by Matthew Lane. Motivated just by the desire for profit, he had been involved since high school in attacking a school athletic association and seven other targets.
How to Address Insider Cybersecurity Threats at School with GAT Labs
Students-hackers can be “just playing around” or having much more malicious purposes. Whatever their motivations are, no school wants to be their new target.
However, until you understand what that unusual action inside your domain was about, it may be too late.
Don’t wait until your school’s sensitive data is in real danger. Be a few steps ahead of young cyber ninjas and take proactive actions to protect your Google domain. We prepared a list of crucial tasks for the school admin to close up security gaps and prevent dangerous data breach attempts.
Safeguard Children’s Data from Internal Risks in Google Workspace
Audit School Domain Security
Before we discuss specific solutions to improve your children’s safeguarding, we need to identify the current state of your Google domain protection. A comprehensive audit of your digital environment will reveal your weaknesses and help you create a roadmap to fix them. Think as a potential hacker:
- What is the school’s weak link?
- What’s the easiest way to get unauthorized access to confidential data?
- How possible is this to happen?
Your Action:
View GAT+’s One Click Reports to get the current overview of the most common auditing areas. They include documents shared in or out, recently changed files, top-downloaded files, user login reports, geolocations of all Drive activity, suspended account risk reviews, and much more.
Additionally, for ongoing control of potential risks, start monitoring the online activity of all your users and devices in real-time with GAT Shield.
Disable Inactive Accounts and Devices to Lock Unauthorized Access
Let’s say that a student finds an abandoned Chromebook in the school’s storage. After breaking in, he discovers that the user who logged in had access to the old school principal’s office Drive. The young hacker is messing around with files. After finding the principal’s personal notes on teachers, he devises a plan to exploit them…
Accounts and devices that haven’t been used for a while can be a highway for internal hackers to access confidential data. Ensure that all old accounts and devices have been archived, rather than tempting someone at school to check what data they may hide inside.
Your Action:
Identify inactive user accounts with a last login date older than 30 days. Automatically suspend or delete them in bulk using GAT Flow (schedule this action when offboarding each user to have one less task to worry about).
Detect inactive devices with time-based alerts. Don’t forget to deprovision unused ChromeOS devices. If you need to disable many of them (e.g., after the end of the school year), you can do so in bulk using GAT+.
Enforce Strong User Password Standards to Protect Student Data
Picture this: a student with IT skills (and too much free time) holds a grudge against a teacher for unjustified bad grading. After a while of research, he realizes that the passwords for every teacher’s account were created on the same basis. He breaks into the teacher’s account and changes grades as he wishes.
Weak passwords are another critical vulnerability that can be exploited to hack an inactive account with broad permissions. This is the most common strategy students use to break the school system. Besides accessing and sharing personal data, grades, behaviour notes, etc., teen hackers can also use stolen information for worse purposes like extortion or cyberbullying.
Your Action:
Enforce a strong password policy for everyone in the school domain. Regularly change or request modification of user passwords in bulk using an automated workflow. This GAT Flow feature requires authorization from a Security Officer for an additional security layer.
Strictly enforce app-based MFA (i.e., Google Authenticator) for school staff having access to sensitive data for the best defence from identity theft and phishing. If you use 2FA, get alerted if a user disables this security measure.
Prevent downloading harmful software to bypass user authentication. Apply domain-wide downloading filters and third-party apps policies, and schedule admin alerts for Chrome browser activity.
Audit Chrome extensions already installed on your devices for early risk detection and receive notifications when a new application is installed in Google Workspace.
Remove Excessive User Permissions to Avoid Data Leaks
Imagine that an ex-employee still has access to her Google account. As she continues her career as a high school teacher, she will be more than happy to use the same exam papers, lesson plans, and student activity sheets at the new school. She easily shares her previous user Drive to her personal Google account. For your school, it’s not only about stealing teaching papers but also potentially sharing sensitive information.
Files shared outside the school domain can pose a risk to student data security. In the case above, the teacher only wants to access her educational aids, but another user may have malicious intentions.
Your Action:
Monitor Google Drive files shared outside your domain with automated notifications when such an action happens for the first time for a file. Identify already existing shared out files that contain sensitive information and remove them automatically.
For leavers, we recommend scheduling the offboarding workflow, which includes changing Drive permissions, forcing sign-out, and suspending the account.
Monitor User Inboxes and Online Activity to Detect Phishing
Phishing is one of the most common cyber threats to the school. You surely train your students and school staff to be cautious and think twice before clicking on any unexpected link. But are they ready for internal phishing?
Young hackers can easily create an infected link and send it to their classmates or teachers on behalf of any user. This tactic will be more trustworthy and efficient, especially if the message urges the user to take an action (e.g., downloading additional resources for tomorrow’s class) or promises a reward (e.g., viewing funny pictures of another student).
Your Action:
Prevent student sabotage of your school domain with real-time monitoring of suspicious user behaviour, such as attempting to access a suspicious website or install a new extension. Get notified with automated alerts on unusual activity set up with GAT Shield.
Protect your users from phishing attempts using a GAT+ feature. It detects and deletes phishing emails from your users’ inboxes at once. It also allows you to remove emails that contain sensitive information and spam.
That’s Not the End but Only the Beginning
Any student at your school can theoretically launch a cyberattack on your Google domain. Teenagers love to test boundaries and dare to take on new challenges. They are more likely to hack into the school system for this reason than as part of an organized criminal group.
Anyway, the effects of those cyber incidents can be devastating.
But don’t panic, just stay prepared for insider threats with proactive security tactics.
Employ GAT Suite for Education, a comprehensive solution trusted by schools around the world, to gain a detailed oversight of your school’s online environment. Reduce the likelihood of exposing your sensitive data with ongoing domain auditing, insider risk detection and security workflows.
Insights That Matter. In Your Inbox.
Join our newsletter for practical tips on managing, securing, and getting the most out of Google Workspace, designed with Admins and IT teams in mind.
