Secondary school student checking privacy settings and suspicious messages on a laptop in class

Quick answer

Protect your school accounts with a unique password and MFA, slow down for suspicious messages, and ask for help early if something feels off. Most student cyber problems start with rushed clicks, reused passwords, or sharing more than you meant to.

Cyber security can sound technical, but for students it usually comes down to a handful of everyday habits: protecting your accounts, spotting dodgy messages, being careful what you share, and knowing when to ask for help.

This guide is for students in New Zealand who want a clear, practical starting point without lectures or jargon.

Why cyber security matters to students

Your accounts and devices are connected to more of your life than you might think. A compromised student account can expose:

  • your email and messages
  • school files and shared documents
  • personal photos or saved data
  • accounts linked through password reset options
  • other people you know if someone starts messaging them as you

You do not need to be famous or rich to be targeted. You only need to be reachable, rushed, or trusting at the wrong moment.

Start with your passwords and sign-ins

Weak or reused passwords are still one of the easiest ways for attackers to get into accounts.

Better habits include:

  • using a unique password or passphrase for important accounts
  • not reusing your school password anywhere else
  • turning on multi-factor authentication where available
  • never sharing passwords with friends, even casually
  • keeping backup codes private

If one site gets breached and you reused the same password somewhere else, attackers will often try that same login on other accounts.

For the full walkthrough, use Passwords, passphrases, and MFA: a simple guide.

School accounts deserve extra care

A school account is not just another login. It can connect to email, classroom systems, cloud storage, calendars, and shared work.

Good rules for school accounts:

  • only use them for school-related services
  • do not sign into random apps with your school email just because it is easy
  • sign out of shared or public devices
  • do not let browsers save school passwords on devices other people use
  • tell the school quickly if you think the account has been compromised

Spot scams and fake messages early

Scams are often designed to make you react before you think. That can be through fear, urgency, curiosity, or excitement.

Warning signs include:

  • messages saying your account will be locked unless you act now
  • links asking you to log in again unexpectedly
  • texts about deliveries, prizes, or payments you were not expecting
  • messages from “friends” asking for money, codes, or urgent help in a strange tone
  • login pages that look close to real but not quite right

Pause beats panic. When something pushes you to act quickly, that is often the moment to slow down.

For the full guide, see How to Spot Phishing Emails, Scams, and Fake Messages.

Protect your phone, laptop, and tablet

Cyber security is not just about accounts. Devices matter too.

Basic device habits that make a real difference:

  • keep your phone and laptop updated
  • use a screen lock with a PIN, password, or biometrics
  • only install apps from trusted stores or known providers
  • remove apps you no longer use
  • be careful with browser extensions and downloads
  • avoid connecting to unknown USB devices or downloading cracked software

If a device starts acting strangely after a download, pop-up, or login attempt, stop using it for important accounts until you have checked it properly.

Students in a school common area discussing something on a laptop — cyber security for students in New Zealand.

Privacy settings are part of cyber security

Cyber security and privacy overlap. If you share too much publicly, scammers and impersonators have more to work with.

Review:

  • who can see your profile information
  • whether your location is being shared
  • what apps can access your camera, microphone, and contacts
  • which accounts are linked together
  • whether old posts or files reveal more than you intended

For a deeper look at privacy checks, use Privacy in Education — What Teachers and Students Should Check.

Know when to stop and ask for help

You do not have to solve everything alone.

Tell a parent, teacher, dean, or another trusted adult if:

  • you clicked something suspicious and entered your login details
  • someone is threatening, blackmailing, or pressuring you online
  • an account starts sending messages you did not write
  • a device suddenly behaves strangely after a download or login
  • you are unsure whether something is a scam but it feels wrong

In New Zealand, Netsafe can also help with online safety concerns and harmful digital situations (1).

What to do if you think an account has been compromised

  1. Change the password straight away from a trusted device.
  2. Turn on MFA if it is not already on.
  3. Sign out of other sessions where possible.
  4. Check recovery email and phone settings.
  5. Tell your school if it involves a school account.
  6. Warn trusted contacts if messages may have been sent from your account.

Acting early usually reduces the damage.

A practical student cyber security checklist

Are my important passwords unique?
Is MFA turned on where available?
Do I use my school account only for school-related tools?
Do I pause before clicking login links in messages?
Are my device and apps updated?
Do I know who to tell if something goes wrong?

Knowledge check

Q1 A classmate asks for your school password so they can "just quickly upload something" from your account. Should you share it? tap to flip
Answer: No. Sharing passwords removes your control over the account and can expose your email, files, and school systems. Even if you trust the person, you cannot control what happens once the password is shared.
Q2 You get an email saying your school account will be disabled unless you log in through a link immediately. What should you do first? tap to flip
Answer: Do not use the link. Go to the real service directly by typing the address yourself or using a bookmark you already trust. If the message is fake, report it to the school or a trusted adult.
Q3 Why can public profile information make you easier to target? tap to flip
Answer: Public details such as your school, email, friend network, birthday, or interests can help scammers craft more convincing messages, guess passwords, or impersonate people you know. Less public information usually means less material for them to work with.

Sources and references

[1] Netsafe New Zealand. (2025). Staying safe online. https://netsafe.org.nz/

[2] New Zealand Police. (2024). Internet scams, spam and fraud. https://www.police.govt.nz/advice/email-and-internet-safety/internet-scams-spam-and-fraud

[3] National Cyber Security Centre UK. (2023). Password managers. https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers

[4] New Zealand. Office of the Privacy Commissioner. (2025). Your rights. https://www.privacy.org.nz/your-rights/

What to do next