Security

How to Make the Case for Cybersecurity

The K–12 Blueprint Security toolkit can help IT leaders get the buy-in they need to create strong cybersecurity programs.

Wendy Jones

Wendy Jones is a K–12 Education Strategist Manager for CDW•G.

The education sector still lags behind other industries when it comes to cybersecurity.

A 2018 SecurityScorecard report found that education ranked last out of 17 industries in the country in terms of overall cybersecurity posture. It also found that education ranked poorly in three key areas: application security, patching cadence and network security.

That’s a serious concern today, especially with cybercriminals increasingly targeting K–12 school districts holding massive amounts of student data.

Thankfully, IT leaders continue to prioritize cybersecurity. In fact, for three years straight, IT leaders in education ranked it as their No. 1 technology priority, according to a recent ed tech leadership survey conducted by the Consortium for School Networking (CoSN).

But some IT leaders still lack resources to successfully develop a cybersecurity program. I’ve seen that firsthand as a former instructional technology director.

As a CDW•G K–12 education strategist working with different school districts, I’ve also found that there are plenty of IT folks out there who are having trouble getting buy-in from peers and decision-makers in their districts when it comes to implementing security tools and training.

To help everyone in a school district understand how crucial that is, CDW•G partnered with Clarity Innovations to create the K–12 Blueprint Security toolkit. It’s a hub for resources and materials that touch on cybersecurity best practices, strategy planning, data security procedures and more.

What’s in the K–12 Blueprint Security Toolkit?

As we were putting this together, we also knew we couldn’t just focus on the tools. We had to look at the human side of security too. We relied on two key models — CoSN’s Trusted Learning Environment and the National Institute of Standards and Technology’s Cybersecurity Framework — and paired them together to create a resource bank that encourages an organizational shift toward better cybersecurity practices.

Here are some of the things you’ll find:

Sample phishing email: Can faculty and staff in your district spot a phishing scam? If you’re not so sure, consider a phishing test, which involves sending out a fake email and measuring the response. We’ve included several sample emails that you can customize for your phishing campaign to help others better detect signs of a scam.
District security self-assessment checklist: Use this checklist from CoSN to figure out where your district stands on security readiness. It takes into consideration numerous areas including district goals, security management implementation, perimeter defenses and user engagement and stakeholder communication.
Data security advice for K–12 leaders: Data security is not just an IT problem. It should be a schoolwide effort. We’ve listed some tips for how school leaders can encourage that — from sending teachers to educational technology conferences to learn about cybersecurity best practices to implementing digital citizenship instruction for students.
Guide on how to establish a zero-trust ecosystem: This covers best practices for adopting a zero-trust model, which is based on the idea that you shouldn’t trust anyone or anything that could breach data security — even those inside your own network. One piece of advice we offer is vetting every single device in a school’s network before granting access to it.
Sample security presentation: We’ve also included a slideshow that IT leaders can modify to share cybersecurity information with people in their school district or even secure executive-level buy-in. It also explains why it’s important to build a secure cyber culture and how IT leaders, administrators, educators and other school staff can work together to do that.

Ultimately, we hope that this toolkit will show school districts how important it is to look at cybersecurity with a change management mindset.

This article is part of the “ConnectIT: Bridging the Gap Between Education and Technology” series. Please join the discussion on Twitter by using the #ConnectIT hashtag.