This article looks at measures K-12 schools can take to maintain good cybersecurity, based on a report by the Center for Internet Security (CIS).
Needless to say, keeping K-12 schools safe and secure is critical. Yet amid efforts to boost the school’s physical security, often ignored is cybersecurity which is important too. This article looks at measures K-12 schools can take to maintain good cybersecurity, based on a
report by the Center for Internet Security (CIS).
In a previous
article, we explored security technologies to secure K-12 schools. Video and audio analytics for example can detect gunshot and other abnormalities that may suggest danger. Smart sensors, meanwhile, are in place to detect smoking, vaping and other inappropriate behavior.
But in this increasingly connected world, cyberattacks and other breaches are threatening K-12, too. Consider the following stats, as described in the CIS report: Between July 2023 and December 2024, 82 percent of K-12 schools experienced cyber threat impacts, and during the same period, 9,300 confirmed cybersecurity incidents were reported at K-12 schools.
Needless to say, a breach can cause devastating impact to the school. Yet such impact goes beyond school and can spill into the community as well. According to the report, K-12 schools are not just education facilities – they provide vital services like nutritional support through breakfast and lunch programs; safe spaces for children of working parents; and mental health and counseling services.
“When cyberattacks disrupt these services, the effects ripple throughout the community. A parent missing work to care for a child during a school closure creates economic impact. A student missing meals due to cafeteria system outages affects their health and ability to learn. The loss of access to counseling services during critical times can have lasting effects on student well-being,” CIS said.
That’s why maintaining good cyber hygiene and preventing cyberattacks are key to K-12 schools. According to the report, various measures can be taken in this regard. Below we take a closer look.
Empowering the human element
Cybersecurity measures and policies are often associated with technology, yet the user plays an important role, too. This holds true for K-12 cybersecurity. In this regard, according to the report, K-12 schools should strive to build a shared understanding that every individual is a part of the team protecting schools from cyber threats; recognize and celebrate staffers who identify and report potential security issues; create open dialogues between the IT department and educational staff; and ensure that all members of the school community understand their actions can directly contribute to protecting vital services.
Technical framework development
Needless to say, empowering humans is not sufficient to combat cyber-threats. Technology plays a vital role as well. It should be noted that technology implementations for K-12 cybersecurity should be as frictionless as possible to ensure that teachers and staffers can focus on their main mission: to educate the nation’s young. That said, key technology implementations to ensure cybersecurity in K-12 should include, according to the report: multi-factor authentication designed with teacher workflows in mind; backup systems that automatically protect critical data while allowing teachers to focus on teaching; network design that protects sensitive information; and endpoint protection that focuses on preventing threats without creating barriers to educational software and resources.
Fostering community resilience
Finally, as that saying goes, “It takes a village.” Cybersecurity at K-12 is not just a school thing – the whole community should be involved in this regard. In this regard, the report recommends that K-12 schools create communication strategies that establish trusted channels for sharing information with families during cyber-incidents; build relationships with local media to ensure accurate, helpful coverage in the event of a cyber-incident; prepare clear, accessible templates for various types of incidents and implement those templates into the user’s tabletop exercises to get real-world experience and gain confidence; and maintain strong connections with community partners who can provide support to the K-12 organization during a cyber-incident.