Being safe starts with not thinking you are safe. Not even as a primary school. Hackers are getting younger, or sometimes teens want to trick their old school. How do you secure your school as well as possible?
Make an inventory of the vulnerable information and systems. And take security measures.
Have a penetration test carried out regularly by a specialized company or by a bunch of smart students.
Make sure your system can record who is intruding (this is called: forsensic readiness)
Run security updates at a fixed time every week.
Have all your employees change their password once in a while.
Report any data breach to the Dutch Data Protection Authority, which is mandatory and report it to the police.
Ensure that the data traffic of teachers and students is separated. So use a different network for digital learning resources than for your grade administration.
Do not think that you are safe as a primary school. A hacker might have a younger sister or brother, or maybe he wants to trick his old primary school. Hackers are also getting younger.
Always be on the lookout for potential hacks. Some go on for months before they are discovered.