
Cybersecurity in EdTech: How Vittascience Strengthened Its Defenses with CYBIAH

As student data becomes increasingly vulnerable, how has an EdTech startup taken action on cybersecurity? In this interview, Léo Briand, founder of Vittascience and Vice President of AFINEF, discusses the cyber threats he encountered, the steps he took, and the tangible impact of the free support offered by the CYBIAH program.

Founded in 2018, Vittascience develops digital educational tools used by over 300,000 teachers and students. Faced with a rise in cyberattacks, Léo Briand decided to enhance his organization’s cybersecurity maturity with the support of CYBIAH, the cybersecurity and AI hub dedicated to small businesses, social economy actors, and local authorities in the Île-de-France region. In this candid conversation, he shares key realizations, lessons learned, and the results of personalized support.

 

Full Interview with Léo Briand, Founder of Vittascience and Vice President of AFINEF

 

 

 

Can you introduce yourself and your organization?

 

My name is Léo Briand, and I’m the founder and president of Vittascience, a startup that promotes science and digital technology in education — from primary to high school. I’m also the Vice President of AFINEF, an association that brings together 130 players in the EdTech sector, from companies to nonprofits, all working toward advancing digital education in France and internationally.

Vittascience is a 15-person startup founded seven years ago, based in the Île-de-France region, with remote employees across France. Our mission is to help over 300,000 students and teachers learn key digital skills like coding, robotics, and artificial intelligence. Not everyone knows this, but coding is now part of national exams in France — both the “brevet” and the “bac.” So, this directly affects teachers and students, and we aim to support them through our platform.

A few years ago, an EdTech company was hacked, and a large amount of personal data was stolen. It was a project management platform, and the incident received media coverage and triggered discussions with the Ministry of Education about better supporting companies. That’s when the importance of protecting personal data really hit home for me — especially because in education, we often deal with data from minors. That’s when I began exploring cybersecurity and discovered the CYBIAH program.

 

Was there a specific cyberattack that pushed you to take action?

 

Yes. About four years ago, an EdTech company suffered a breach that exposed students’ first names, last names, email addresses, and birth dates — all available on the internet. This is highly sensitive data and can easily be used for malicious purposes like identity theft or cyberattacks. That incident made me realize how serious the risks are.

 

What were your cybersecurity challenges before joining CYBIAH?

 

Even before CYBIAH, we had been seeing frequent attacks — especially DDoS attacks that aimed to flood our servers with traffic, as well as more subtle threats.

One that stood out was a phishing attempt targeting our team. Someone impersonated me, the CEO, and contacted one of my employees. They had forged my HTML signature in an email saying, “Message me on WhatsApp, it’s urgent. I’m in a meeting and can’t call.” The employee almost fell for it and reached out on WhatsApp. The attacker then asked them to perform an operation on the website that could have critically compromised the company. Luckily, the employee got suspicious and checked in with me before acting.

Another time, I received an email from what looked like the French tax authority asking me to pay a VAT bill. They had cloned the website perfectly. I was seconds away from entering our company’s credit card info before realizing something was off — French authorities never ask for card payments like that; it’s always via direct debit. These incidents made me realize how sophisticated attackers can be and that our whole team needed to level up on cybersecurity.

 

What kind of support did you receive from CYBIAH?

 

Understanding our need for support, CYBIAH delivered real value. The entire team received training on cybersecurity. We also got a personalized audit — not just generic recommendations, but tailored insights.

For example, we identified incoherent web pages and illogical access paths. Some critical services were underprotected. So, we implemented two-factor authentication (2FA) — meaning a password alone wasn’t enough; a phone verification was also required.

We also appointed a cybersecurity lead within Vittascience, someone who received deeper training and now serves as a go-to person on these issues. This made a huge difference and gave us a lot more confidence.

Thanks to CYBIAH, we were able to better understand our attack surface — the specific vulnerabilities we hadn’t noticed before. We were able to mitigate risks and reinforce areas that were already secure. The team adopted better security reflexes. There’s a clear “before and after” in how we handle cybersecurity at Vittascience.

 

What tangible results have you seen?

 

The tricky part with cybersecurity is that unless you’ve been attacked, it’s hard to justify the investment — it takes time, money, and it’s a complex and sometimes intimidating topic.

But with CYBIAH, the support was time-efficient and added great value. It allowed us to enter the cybersecurity space without feeling overwhelmed and opened the door to more resources.

I strongly recommend that other organizations — especially those without a dedicated cybersecurity person — take this issue seriously. Whether through CYBIAH or another program, it’s crucial to protect yourself.

 

How did the co-funding help you get started?

 

The co-funding provided by the Île-de-France Region and the European Union was truly reassuring when we decided to get involved in this type of support. We often get approached by a variety of organizations, so it’s not always easy to tell who’s really credible.

Sometimes, the approach can even be quite aggressive. For example, some companies might say, “You have a vulnerability. Either you work with us, or we exploit it.” That kind of tone. So having this initiative backed by recognized institutions gave us real peace of mind and allowed us to engage in the topic of cybersecurity with confidence.

 

Thanks to CYBIAH, what have you put in place to ensure long-term cybersecurity?

 

At Vittascience, as I mentioned earlier, we were able to appoint someone in the team as our cybersecurity lead. And we’ve realized that cybersecurity isn’t something you can address once and for all — it’s a long-term effort.

Thanks to this person and all the guidance we received, I believe we now have all the tools we need to defend ourselves effectively over the long term.

So I strongly recommend that other AFINEF members, especially those in the education sector, follow these cybersecurity guidelines and upskill on the topic. It’s absolutely worth it — the risk is simply too great when you’re handling minors’ data in educational platforms and databases to leave this unaddressed.

And ultimately, strong cybersecurity is also a marker of long-term credibility for our organizations.

 

Has CYBIAH helped accelerate your growth?

 

This cybersecurity support also opens up new opportunities. It gives us the confidence to take on more ambitious projects that involve processing more data, knowing that our systems and access points are secure.

As our user base and team grow, so does our exposure. This support allows us to scale our operations securely and with peace of mind.

 

What’s the best way to get started with CYBIAH?

 

As a business leader, I’d say the initial time investment is quite reasonable — about an hour a week during the first few weeks — to build your own awareness and understanding of the topic.

Then, I really recommend assigning someone on your team to this area. They don’t need to be full-time on cybersecurity, but they should have an interest in the topic and be willing to develop their skills.

Plan for several days of training — about six days, for example, as an initial step — to build a strong foundation. Then a few hours a week going forward, including the ability to conduct self-audits to assess your risk exposure and gradually improve over time.

But it doesn’t require someone full-time, nor does it demand several hours a week from the CEO. If you’re well-supported, it remains a manageable investment.

 


 

 

Want to join our program?

 

Are you a small business, SME, social enterprise or local authority? CYBIAH offers free support to help you strengthen your cybersecurity and better protect your organization. Don’t let cyber threats jeopardize your activity.
