Kenneth Thompson, deputy superintendent for operations at the San Antonio Independent School District, outlines the importance of effective incident response planning.

Jan 24 2024

FETC 2024: What Happens if the Network Goes Down? K–12 Delves Deeper.

Hands-on workshops home in on the importance of having multiple security layers and processes in place in advance of a cyber incident.

The potential fallout from a cybersecurity breach is keeping K–12 IT teams up at night. The possibility of bad actors getting into and silently moving about school networks for months without detection has IT experts worried about student data loss, third-party risks, lack of leadership support for proper cybersecurity funding and even losing their jobs as a result.

These were just some of the concerns they voiced during several cybersecurity workshops at the Future of Education Technology Conference, taking place this week at the Orange County Convention Center in Orlando, Fla.

During his session on business continuity, Kenneth Thompson, deputy superintendent for operations at the San Antonio Independent School District, explained that having an updated, documented cybersecurity policy is vital for helping schools prepare for and get back up from a breach.

Click the banner to stay up to date on innovative ed tech when you sign up as an Insider.

“Education is our core business, and you need a plan that will allow you to continue to do that work in times of crisis,” he said.

However, “it takes a crisis to get attention” from leadership, he added, noting that without leadership support, any plan created would have “no teeth.”

DISCOVER: How to make the case for security spending.

Presenters Bring Incident Response Planning to Life

Thompson outlined incident response, business continuity and disaster recovery as the three prongs for addressing a cyber breach. He also stressed the importance of creating a cybersecurity framework and pointed to the National Institute of Standards and Technology as a starting point.

And while ransomware probably grabs the most headlines, schools must contend with and have a plan for six types of cyberattacks, including malware, distributed denial of service, advanced persistent threats, phishing and Internet of Things-based attacks.

Source: Sophos, “The State of Ransomware in Education 2023,” July 2023

In his training session, Emmanuel Ajanma, director of technology and information services at Barre Unified Union School District, discussed his own experience with getting leadership buy-in. He decided to share the results of a phishing test after leadership expressed fears about burdening teachers with another requirement when they already carry a heavy load.

“Hackers don’t care about all the other things happening,” Ajanma said. “They are still targeting us even if we are doing a million projects. They want our information, and they will keep targeting us to get it.”

RELATED: What the National Cybersecurity Alliance’s executive director has to say on phishing.

Co-presenter Eileen Belastock, an ed tech leadership specialist at the Massachusetts Department of Elementary and Secondary Education, joined in the chorus of cybersecurity trainers that day who emphasized the importance of getting everyone in the district on the same page about cybersecurity.

“We’re finding that sometimes we are the only ones talking about cybersecurity,” she said. “It's only a priority for us.  And many times we cannot prevent it, but we want to make sure we involve everybody in the district.”

In his session, Thompson went so far as to emphasize that cybersecurity planning and table top exercises must involve all business owners to bring home the point that everyone in the school environment owns cybersecurity.

Several of the training workshops included tabletop exercises that gave attendees a chance to react to real-life cyber attack scenarios so they could see exactly how crippled a school district could be in the wake of a cyberattack and how necessary it is to have multiple stakeholders available for incident response planning.

More Monitoring Without Taking Action Won’t Impact Cybersecurity

“What’s the point of having locks on your front door if you are just going to give the key to every one of your neighbors?” Omar Valerio, CIO and CTO at Westminster Christian School, asked in his session on assessment.

For Valerio, running regular network scans that alert IT teams before bad actors get too far into a school’s network is wise, but ultimately worthless if teams don’t regularly review and address issues found in the reports.

DIG DEEPER: Why preventive assessments are crucial for data security.

He also recommended internal scans and regular penetration tests using one or two third-party providers — then he wrapped his session with a warning: “No one is immune. Be proactive. Close those doors, and lock every door.”

To ensure you don’t miss a moment of FETC event coverage, keep this page bookmarked and follow @EdTech_K12 on X (formerly Twitter) for live updates and behind-the-scenes looks.

Photography by Taashi Rowe

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.