Last December, PowerSchool got hacked. The breach exposed personal information belonging to 60 million students and 10 million teachers, making it the largest leak of American children’s data on record. PowerSchool is a major, established company. They still missed basic security protocols.
Now think about all the random apps and tools teachers and students use every day that aren’t nearly as reputable as PowerSchool. That’s the shadow IT problem, and according to Russ Munisteri, CISSP, program chair and lead instructor at MyComputerCareer, it’s one of the biggest cybersecurity blind spots schools face today. His recent piece in EdTech Digest breaks down why this matters and what schools can do about it.
What Is Shadow IT in Schools?
Shadow IT happens when people use apps, websites, or software that haven’t been approved by the school’s IT department. A teacher downloads a free grading tool. A student uses an AI chatbot for homework help. These tools might work great, but because they bypass official channels, IT teams have zero visibility into what data they collect or how secure they actually are.
The numbers back up why this matters. About 25% of U.S. teens now use ChatGPT for schoolwork, and schools have no idea what sensitive information students might be sharing with it. Meanwhile, 82% of K-12 organizations dealt with cyber threats last year.
Why Shadow IT Creates Cybersecurity Risks for Education
Schools check all the boxes for hackers. They’re typically underfunded, their cybersecurity lags behind other sectors, and they sit on valuable data. Student loan information, grades, Social Security numbers, birth dates—all of it sells for good money on the dark web.
When unapproved tools run wild in classrooms, IT teams can’t monitor what data leaves the system or how it gets stored. That puts schools at risk of violating laws like FERPA, and it leaves networks wide open to attacks they can’t even see coming.
How to Protect Schools from Shadow IT Threats
Russ lays out practical steps schools can take right now. Set clear rules in plain language about which tools are approved. Run quick training sessions for teachers and students on data safety basics. Use monitoring technology to spot unapproved apps running on school networks. And create a simple checklist for vetting new AI tools before they enter classrooms.
The key insight? Shadow IT isn’t just an IT department problem. It requires the whole school community—teachers, principals, parents—to understand why controls matter and how they protect everyone.
Building a Cybersecurity Career in Education
Schools desperately need IT professionals who understand these threats and can communicate them to non-technical audiences. Being able to explain shadow IT risks to a teacher in two minutes is just as valuable as knowing how to lock down a network.
For anyone building IT skills, the education sector represents real opportunity. Schools need people who can balance security with usability, who understand that teachers want tools that work, and who can build systems that protect data without creating friction. Thinking about making the jump to IT?
Want to develop the cybersecurity skills that make you valuable to schools, businesses, and organizations dealing with these exact challenges? Check out our cybersecurity training programs and see how MyComputerCareer prepares you for the IT problems employers are actively trying to solve.
