English 
English (UK) 
English (Australia) 
العربية 
简体中文 
Dansk 
Nederlands 
Suomi 
Français 
Deutsch 
Italiano 
日本語 
한국어 
Norsk bokmål 
Português do Brasil 
Español 
Svenska While the 2021-2022 school year returned to “normal,” many district leaders acknowledge that it wasn’t a typical school year, even though in-person learning resumed for many. In addition to the challenges associated with the pandemic, K-12 districts also had an influx of cybersecurity attacks.
Lightspeed Systems® brought together a panel of experts to discuss trends educators and administrators can expect in the coming school year. And cybersecurity for schools was a top trend. The edtech leaders shared key takeaways on cybersecurity and what steps K-12 schools can take to secure their networks next year and beyond.
K-12 cybersecurity trends that will continue next year
Surveys show that cybersecurity remains top of mind for IT professionals and school district CIOs. Many K-12 IT leaders know that schools are, unfortunately, an easy target for hackers.
According to Steven Langford, Chief Information Officer for the Beaverton School District in Beaverton, Oregon, schools possess a wealth of data and many lack the resources to contain or monitor that information the way private companies do. That makes school districts an appealing, vulnerable target for hackers.
Langford gives an example of a DDoS attack that nearly shut down Beaverton’s network on the first day of statewide testing. Eventually, it was discovered the attack had been purchased by students for only $50. When a cyberattack against a school can be purchased so cheaply, there’s concern this will be an issue for schools going forward. Langford also pointed out more sophisticated organizations can initiate even more effective, powerful attacks than the one purchased against his school.
Mitigate the risks of your K-12 school falling victim to a cyberattack
The increasing ease of launching a cyberattack should make addressing network security a priority for K-12 schools.
Langford said the first thing schools can do to protect themselves from cyberattacks is to look at available resources—including, Multi-State Information Sharing and Analysis Center (MS-ISAC), Cybersecurity and Infrastructure Security Agency (CISA), and Center for Internet Security (CIS)—to see how their district can align with the recommendations from those agencies.
Another strategy to safeguard your school is to perform an audit.
During the upheaval of remote learning caused by COVID-19, it’s possible that the IT safeguards your school had in place were overlooked. Teachers and administrators, trying to ensure that learning continued under extremely trying circumstances, may have downloaded new software and apps outside of IT processes, vendor assessments, and security vulnerability scans.
Performing a risk assessment can help you address this and is a good step to protect your school’s network against cybercrime. Mike Baur, who works within the education technology vertical at Amazon Web Services (AWS) advised schools ask themselves these questions when conducting an audit:
- What does your system look like?
- What is your infrastructure?
- What companies are you working with from an edtech perspective and how well are they operating with each other?
Another way districts can protect themselves is through cybersecurity insurance. But if you are considering insurance, it might be a good idea to move fast: insurance companies are raising expectations for what conditions they’ll accept. This can even be true for districts that already have cybersecurity insurance and are looking to renew.
Finally, having a cybersecurity plan is crucial. This includes:
- Ensuring your leadership team has a mitigation plan
- Knowing how to engage with local authorities immediately in the event of a suspected breach
- Planning how and what to communicate to parents and other stakeholders if there’s a cyberattack
A good framework to build your school’s cybersecurity plan can be found by taking the plans and processes your district already has in place for emergencies and using them as a model for a chain of command and communication protocols during a cybersecurity incident.
