Security

K–12 Schools Must Focus on People, Processes and Technology in Cybersecurity

A knowledgeable security partner can help school IT departments build effective backups.

Dr. Sharon Jumper is a cybersecurity learning architect and a workforce development instructor at CDW, specializing in cybersecurity management, cyber law and policy, cyber risk management and regulatory compliance.

Schools collect and store valuable data that is essential to their daily operations. When those operations are interrupted, children can be severely impacted. This is why every K–12 school must develop comprehensive physical and cybersecurity strategies to shield them from the variety of threats that can interrupt learning.

Whether schools lose vital data as a result of ransomware attacks or natural disasters, either type of event puts learning continuity at risk. Data loss doesn’t just affect grades, it also changes how schools communicate with students and their parents. Schools could also lose access to student medical information, mental health information, individualized education plans. Schools also maintain records containing personally identifiable information on parents, faculty and staff that could be a treasure trove for thieves and fraudsters. There are statutory requirements for safeguarding each of these types of data, including the Family Educational Rights and Privacy Act, HIPAA and The Fair Credit Reporting Act.

To reduce their vulnerability and liability, K–12 schools must keep their systems accessible to students, faculty and staff while making them impenetrable to criminals. They must also consider people and processes: A partner such as CDW, with its workforce development team, can help you assess your network and reinforce these critical areas.

Click the banner to learn about cybersecurity solutions and services for your K–12 institution.

Strengthening the Weakest Link in K–12 Cybersecurity

Across all sectors and disciplines, people are the weakest link in any cyber system. The K–12 environment has a broad range of users, ranging from skilled IT professionals to children who won’t understand social engineering.

Any user on a school network, including seasoned IT professionals, can click on a phishing link and open up the organization to significant threats. This is why end-user training is critical for schools. A culture of “security mindfulness” should be built with the goal of mitigating both physical and cyber threats. Still, with so many school IT departments operating with limited staff and resources, school administrators must look elsewhere for security assessments and cybersecurity education.

LEARN MORE: A national cybersecurity expert shares how K–12 staff can outsmart phishing emails.

Having a trusted partner with a proven background in security assessments, operations and cybersecurity education can be immensely helpful. CDW’s workforce development team offers a variety of educational resources for a wide range of end users. Schools can access training for general audiences on basic computer technology and user awareness about threats facing the school environment.

While the wider school community could benefit from cyber education, professional development is necessary for school IT staff. In a 2023 Consortium for School Networking report, IT leaders said their No. 2 technology challenge was an “inability to hire skilled staff,” and 36 percent said they were concerned about sustaining their current staffing levels. The report also noted that a lack of professional development to help existing staff get up to speed compounds the issue.

CDW offers customized learning tracks that can help IT professionals grow their skills using a framework for cyber workforce development. We are an authorized training partner with Cisco, Microsoft, Amazon Web Services and Palo Alto Networks. Through these training modalities, IT professionals can learn to configure and harden their school networks.

Such training helps keep networks secure and may even help with staff retention, as employees can plan their career paths.

DISCOVER: Learn how one school district expanded cybersecurity training with a free service.

Building Airtight Procedures to Strengthen Your Network

Considering the many pressures that understaffed school IT teams face each day, it’s quite possible to miss cracks in the system. Even with a risk assessment, you can’t eliminate all risk. That’s why a good security partner will look at different types of threat occurrences, how likely they are to occur and their potential level of impact. At CDW, we make sure clients understand the biggest risks, then discuss how to dial down those risks and contain and mitigate any potential problems.

When vetting partners, look for ones that are well-versed in K–12 legal compliance regarding student data privacy, notification, data privacy and records protection.

As part of CDW’s risk assessment, our experts will review each school’s network parameters, the types of equipment on the network, the most common ways that threat actors can get into the system and how to detect them. We can also help schools find the best solutions with the resources they have available and ferret out additional sources of federal, state and local dollars to help shore up their networks.

CDW will also review the tools and equipment that will work best within your system, including backup and recovery tools. Your trusted partner should also help you understand key tools for intrusion detection and protection. They will usually review school monitoring systems and structure notification protocols.

The assessment should also include best practices for setting up your policies and protocols and how to enforce and monitor end-user behavior.

DIG DEEPER: Learn why school turn to outside experts to improve their cybersecurity posture.

Schools Should Use Cloud-Based Technology for Backups

Finally, schools must make sure that they have the proper redundancies built in. This will ensure that when something or someone interrupts your service, interferes with data or takes out school equipment, IT staff can quickly recover that data and return you to your previous operational state.

In the case of ransomware, we do not recommend negotiating with threat actors. You’re dealing with criminals, and you can’t trust them. In “The State of Ransomware in Education 2022,” Sophos reports that K–12 education organizations that paid ransoms only got back 62 percent of their encrypted data. Plus, there’s no guarantee that criminals haven’t made a backup of the data themselves for nefarious purposes.

A trusted partner such as CDW can ensure that school systems can weather any storm and that they have adequate redundant backups for power, data and servers.

This is where cloud security can prove invaluable. Gone are the days where schools kept everything in one local, physical facility. Today, we recommend putting mission-critical information in the cloud. When it comes to natural disasters, it is especially important to store data off premises so that schools can easily access backups when needed.

Schools must back up every single day. Many schools have their surveillance cameras tied into their cyber systems to monitor behavior and risks. They will sometimes automatically record over previous events to save storage space. This makes having a digital backup in the cloud important in case you need to verify any criminal behavior on school property.

Schools also have a lot of physical equipment to contend with, including servers and data storage on-premises. Retrieving, sorting and analyzing the volume of data they must collect and store can be difficult.

That’s when it’s worth having a cloud-based or hybrid cloud solution to leverage that digital virtual site. It not only protects your data and gives you a backup in the event of a natural disaster, it also conserves space, time and resources.

Unfortunately, today’s K–12 schools face multiple threats. Now is the time to invite an outside expert to review your systems for weaknesses. CDW’s experts can keep school IT teams abreast of new cyber research, advise them on evolving threats and help formulate a strategy for dealing with those threats. This way, schools can focus on fulfilling their mission of educating tomorrow’s leaders.

This article is part of the ConnectIT: Bridging the Gap Between Education and Technology series. Please join the discussion on Twitter by using the #ConnectIT hashtag.