Mar 09 2023

CISA Urges K–12 Schools to Prioritize Stronger Cybersecurity Investments

More than a year after the landmark law on cybersecurity in K–12, a federal report says risk management should be a top priority.

More than a year after Congress passed the 2021 K–12 Cybersecurity Act, the nation’s Cybersecurity and Infrastructure Security Agency released a report sharing best practices for K–12 schools. The law charged CISA with reviewing the risks schools face and sharing recommendations to mitigate them. Earlier this year, the agency released its report, “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats.”

Click the banner below to learn about the latest K-12 tech when you register as an Insider.

Schools Should Deploy MFA and Attack Known Vulnerabilities

Calling the report a starting point, CISA offers three recommendations.

First, it encourages K–12 schools to invest in the most effective cybersecurity measures available. These include “deploying multifactor authentication (MFA), mitigating known exploited vulnerabilities, implementing and testing backups, regularly exercising an incident response plan and implementing a strong cybersecurity training program.”

DIG DEEPER: Here’s why multifactor authentication should no longer be optional.

Second, CISA urges K–12 leaders to build a culture of cybersecurity and make it a top priority, adding that “information technology and cybersecurity personnel cannot bear the burden alone.” The report specifically charges those leaders with acquiring funding for security investments and with migrating to “secure cloud environments and trusted managed services.”

Schools Should Share Information and Collaborate

Finally, the report encourages schools to collaborate with peers, partners such as the K12 Security Information eXchange, and agencies such as CISA and the FBI to “build awareness and sustain resilience.”

Doug Levin, K12 SIX national director, says the report is only one step in a much longer journey.

“Given the steady drumbeat of ransomware, targeted scams and data breach incidents plaguing school systems from coast to coast, CISA’s report comes not a moment too soon,” Levin says. “This landmark federal report recommends common-sense steps that stakeholders can take to bring about needed change.”

Get incident response best practices at

Getty Images: GeorgePeters (texture), jack0m (polygons), bsd555 (icons)

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.