Jan 11 2022

The 4 Phases of a Cybersecurity Strategy That Schools Must Implement

K–12 schools that don’t have a solid approach to preventing and handling cyber incidents can create one — even if they’re understaffed — using these key phases.

Despite the increased cyber risks K–12 schools face, some still don’t have a formal cybersecurity plan in place.

A poll from EdTech: Focus on K12 in October found that, of the first three phases of a proactive cybersecurity strategy, prevention is the area where K–12 IT leaders feel they need the most help. However, nearly half of respondents said they needed help with all three of the phases or had no cybersecurity plan in place at all.

For some, financial and staffing resources may be a challenge, says Kevin Stine, chief of the Applied Cybersecurity Division and acting associate director for cybersecurity at the National Institute of Standards and Technology’s Information Technology Laboratory.

“You have to start somewhere,” says Stine. “Just making sure you have a plan in place now and then being able to improve that over time is really important.”

If your school hasn’t implemented a cybersecurity strategy yet — or wants to enhance its approach — the following four phases can provide a place to start.

1. Amplify Your Prevention and Protection Capabilities

Conducting a thorough inventory of all hardware and software assets can help districts get a sense of what they’re trying to secure, says Randy Rose, senior director of cyber threat intelligence at the nonprofit Center for Internet Security.

Methods such as penetration testing can help schools identify vulnerabilities in their security strategies, and educating employees on how to recognize threats can help deter phishing and other social engineering tactics.

Because threat prevention and cybersecurity are ongoing efforts, schools should plan to examine their asset inventories and procedures at least annually, Rose says, and whenever they make a significant modification.

“You want to review your policies anytime there’s a major change: if you implement a new technology, hire some new staff or make changes to your organizational structure,” he says.

2. Institute Detection and Response Practices

Once districts identify their potential problem areas, the second phase is to develop a comprehensive approach to swiftly identify and contain any breaches that may occur. This can help minimize the effect of a potential attack.

Identifying activity or behavior that schools define as normal can allow them to spot deviations that might indicate a breach.

“You can automate to a certain extent,” Rose says. “There are certainly capabilities — intrusion prevention systems, endpoint detection and response capabilities — that can do some of that detection and prevention and actually block activity for you, but you run the risk of things being blocked that shouldn’t be blocked.”

Even with some automated aspects, detection efforts can require considerable manpower. An IT admin still needs to go through alerts to determine if things are true or false positives, Rose says.

Smaller organizations with fewer in-house IT employees may need to outsource some network oversight tasks.

“If they have the means and ability, districts can use a local service provider that can get to the school when needed,” Rose says. “Some schools are able to do regional information centers. Monitoring could be done in a more centralized location, if it makes more sense to do security monitoring detection and response actions at a regional demarcation point.”

Schools that are concerned about the expense of outsourcing cybersecurity services may be able to fortify security with features that are already available on their devices.

“When you have a computer with an operating system, in most cases there are some built-in security features,” Stine says. “Just having those turned on and functioning can go a long way in helping to maintain a more secure environment.”

Schools can take other steps to enhance their cybersecurity posture, such as strengthening user, device and application security controls and segmenting their networks to limit what an intruder would be able to access.

“Those technical rules you can put in place to control the type of access and the connections between different groups of people or technologies can help mitigate some of the challenges, or at least reduce the impact if there are issues,” Stine says. “Those are certainly protections school districts should have in place.”

3. Prepare for Potential Recovery Needs

If a cybersecurity incident occurs, schools must be ready to address it while also maintaining crucial network operations.

Some cyber insurance policies cover recovery assistance services from an external provider and can be worthwhile, Rose says, but he advises schools to be aware it won’t absolve all risk.

“You still have to maintain a reasonable level of security, and some insurance policies don’t cover things like ransomware,” he says. “Some don’t cover districts if they don’t meet a specific minimum level of security controls. Make sure you understand what the policy is, what it covers and what the expectations are of you.”

Putting a carefully crafted disaster recovery plan in place ahead of time — and being able to perform it in a timely fashion — is another vital aspect of ensuring your recovery efforts will be successful.

“We’ve seen schools with a disaster recovery plan in place that they’ve never tried out,” Rose says. “They don’t have the proper individuals identified. They haven’t figured out how they’re going to fund some of this stuff.”

Even a tabletop run-through of the plan can help K–12 IT teams answer important questions that could arise during an event, such as how to communicate to parents, students and staff that the school has to shut down.

“Those kinds of things have to be worked through,” Rose adds. “Because if you’ve never done that before, it’s easy to get overwhelmed very quickly when things start to go awry.”

4. Mitigate Risk by Partnering with an Expert

While cybersecurity and student data privacy are the top two tech priorities for U.S. K–12 IT leaders, cybersecurity risks are often underestimated, according to a recent report from the Consortium for School Networking. Eighty-four percent of district IT leaders who responded to the report’s survey don’t rate any cyberthreats as high-risk.

For K–12 schools facing IT resource challenges, or those wanting to confirm that their security strategy is as comprehensive as possible, working with a trusted tech partner can help ease the burden on their staff and give the district’s team an objective, 360-degree view of its IT capabilities and safety protocols.


The percentage of school district IT leaders who rated the threat of phishing as medium/high or high

Source: CoSN, “The State of EdTech Leadership in 2021,” May 26, 2021

CDW’s Amplified™ Security services, for instance, offer an independent evaluation of a school’s security posture. Third-party evaluations can help districts find and fortify weaknesses in their cybersecurity strategies, including identifying any gaps in security benchmarks outlined in NIST and other security frameworks.

Proactive cybersecurity services, including framework and penetration testing, give K–12 IT professionals visibility into existing vulnerabilities within their environments.

To help schools stay vigilant and enact a strong defense against potential cyber incidents, IT admins can work with experts who can design security controls that help prevent data breaches. A trusted partner can position K–12 institutions to proactively respond to cyberattacks, including installing and deploying advanced security techniques and ensuring technologies are optimized for schools’ specific needs.
