9 Things You Need to Know about School Cybersecurity

Cybersecurity threats have tripled since the COVID-19 pandemic began, and K-12 schools have become a significant target. While Los Angeles Unified School District is one of the most prominent examples, at least 2 million students across the country have been affected by ransomware attacks at school. The loss of learning time for students following a cyberattack ranges from three days to three weeks – not to mention the significant cost to the district..

Education technology trainer and consultant Andrew Grimes recently led a Learning.com webinar “Staying Safe and Secure at School” to discuss protecting yourself from cyber threats, teaching students to stay safe online, and safeguarding data on a district-wide level. Here are 9 key takeaways from this webinar:

1. Cybersecurity goes beyond what’s online. Cybersecurity includes protecting your personal data both on- and offline. Leaving social security numbers or credit card information on paper laying around an office compromises cybersecurity.
2. 55% of K-12 data breaches originate from vendors, not from the schools or districts themselves. So its important that your vendors prioritize cybersecurity, too. Look for vendors that are SOC 2 Type 2 compliant, which means they have been rigorously audited by a third party to confirm that security controls and processes are in place to protect customers’ data.
3. You need more than one layer of security. Banks don’t rely solely on a safe to protect money from thieves. They use security cameras, protective glass, and in some cases armed guards to create multiple layers of protection. Similarly, you need to create multiple levels of protection for your data.
4. 85% of cybersecurity threats result from human behavior. Gone are the days when viruses simply invaded computers of unwitting users. Now it’s more common for people to play an active role in data breaches. In fact, 75% of cybersecurity breaches start with an email.
5. A data breach is forever. Cyberattacks can cause significant problems for business or school operations, shutting down email, gradebooks, or other online systems for days or even weeks. But if data is breached in a cyber attack, the true impact lasts forever – those names, email addresses, passwords or other information will live on the internet in perpetuity. This is important to teach students, as well. Learning to protect their data now can save them time and trouble for years to come.
6. You need better passwords. Better than a password, create pass-phrases and make them even longer than the recommended 12 characters. Don’t reuse the same pass-phrase on multiple sites, either. You can go to haveibeenpwned.com, enter your email address, and see all of the services you’ve used where one of your passwords has been compromised. All of those passwords are sitting out there on the internet, affiliated with your email address, making it easy for a person to guess your password on other sites, as well. Password manager applications are a good way for you and your students to keep track of a variety of strong, hard to guess (and hard to remember) pass-phrases.
7. Cybersecurity starts at the top. District leaders have to see the value in cybersecurity and commit resources to it in order to truly protect their entire organizations. But there will be give and take, balancing risks versus convenience. It’s important not to try to implement policies that leaders don’t want to enforce or abide by themselves.
8. Teachers should lead by example, too. If you want your students to learn to value cybersecurity and protect their own data, teachers and administrators need to lead by example. Don’t just accept the policies adopted by your school and district – follow them. For example, don’t leave your computer screen unlocked on your desk if you don’t want your students to do the same thing.
9. Free tools can help schools get started with cybersecurity. The federal Cybersecurity & Infrastructure Security Agency provides free tools and resources that schools and small businesses can leverage to enhance their online safety. There’s also a free cybersecurity rubric, designed specifically for education, that you can use to evaluate your organization’s cybersecurity. Andrew offers consulting services through techknowsurge.com. 

Ultimately, developing and implementing a robust cybersecurity program for your school, your students, and yourself as an individual, is not a one-time investment, but a continuous process. “But the effort that you put in up-front has huge rewards,” says Andrew.

Click below to watch the “Staying Safe and Secure at School” webinar: