Oct 17 2023

School Cybersecurity Becomes the Focus of Federal Government and K–12 Leaders

With schools better equipped to provide students access to networks and devices, security takes over as the top priority for IT professionals.

The flood of devices and other technologies into K–12 schools has brought with it heightened attention from the federal government, specifically as it pertains to security. From the Biden administration’s K–12 Cybersecurity Act in 2021 and the Cybersecurity and Infrastructure Security Agency’s subsequent review of threats against schools to the recent Cybersecurity Summit held at the White House, legislation has ramped up around school cyber safety.

With this increased focus on stopping threats at the K–12 level comes more funding for schools. Federal Communications Commission Chair Jessica Rosenworcel announced a pilot program this summer that would allocate $200 million for cybersecurity resources in schools. This move sets the stage for additional future funding for cybersecurity.

The federal government’s actions could also foreshadow what K–12 leaders will see in the highly anticipated National Educational Technology Plan refresh. Work on the latest NETP, which was last updated in 2017, began in September 2022 and is expected to take 12 to 18 months to complete. Cybersecurity will likely play a big role in the new plan, not only because it’s a high priority for many K–12 leaders but also because of pressure from top organizations such as the Consortium for School Networking and a current lack of security resources in schools.

Click the banner to learn about digital transformation solutions for your K–12 environment.

K–12 Cybersecurity Challenges Can’t Be Ignored

Access was previously the top challenge for K–12 leaders. Schools needed help getting students devices and access to the internet. This disparity became even more apparent during the pandemic, leading to a flood of new technology in schools in recent years, from devices to access points and software. With all of this ed tech now in the hands of students and teachers, IT teams need to ensure it’s secured, making this the priority for a majority of K–12 leaders.

In many ways, school IT departments are fighting an uphill battle. Students use their devices in school classrooms, but they’re also taking devices home. With the push to get Wi-Fi on school buses, it won’t be long before students are online wherever they go. In all of these locations, they need proper security to protect them and their data from bad actors.

Unfortunately, most schools don’t have the budget to hire a CISO. The top security person in many school districts is the IT director, who may be the IT director because he or she knew a lot about computers as a teacher.

Additionally, schools are working with tight budgets to implement cybersecurity technologies, and — while the FCC’s program is a step in the right direction and a good sign that more federal money will likely come — finding the funds for next-generation technology can be difficult.

LEARN MORE: Outsource cybersecurity expertise in schools with a virtual CISO.

In these instances, schools are turning to grant money to help bridge the gap and make investments in student data safety. These K–12 leaders can even work with the school funding experts at CDW to identify and strategize around grants. While the team can’t write the grants for schools, they can help administrators and IT leaders come up with a plan for sustainable ed tech funding.

Cybersecurity Is One of Four Pillars of Safety in K–12 Schools

The educational strategists at CDW also give schools the unique opportunity to view their cybersecurity strategy as part of the four pillars of school safety. Schools can work to create a plan that accounts for physical security, prevention, mental health and cybersecurity holistically.

Cybersecurity is a massive safety component; without it, a breach could bring a district to a screeching halt. K–12 schools are notoriously vulnerable to cyberattacks, especially ransomware, which may close a school for days if not weeks.

Because schools face these threats constantly, they need expert guidance to adopt solutions that will allow them to bend, not break. It’s often said that it’s a matter of when — not if — a district is threatened by a cyberattack. Embracing an approach that allows schools to face attacks and keep operating without disruption should be the goal of K–12 administrators and IT professionals.

This mindset is mentioned in the K–12 Digital Infrastructure briefs recently published by the Department of Education’s Office of Educational Technology. Schools need to plan for these cyberattacks and be prepared to execute their plans when the time comes.

This article is part of the ConnectIT: Bridging the Gap Between Education and Technology series. Please join the discussion on Twitter by using the #ConnectIT hashtag.

[title]Connect IT: Bridging the Gap Between Education and Technology

gorodenkoff/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.