Allowing users to automatically forward incoming emails to external accounts may seem harmless—but in a school environment, it can create serious risks. When forwarding is unrestricted, sensitive information could leave the school’s secure ecosystem, making it vulnerable to data loss, phishing, and policy violations.

To protect internal communications and student data, it’s recommended to disable auto-forwarding by default. Exceptions can be managed through an approved allowlist and monitored for compliance. This proactive step ensures your school remains aligned with cybersecurity best practices while still supporting flexibility when truly needed.

At Get Set Tech, we help schools lock down key Google Workspace settings, reduce exposure, and build environments where learning is secure and uninterrupted.