The Importance of Audits and Inventory
While there are many steps K–12 IT administrators can take to mitigate cyberattacks, an often-overlooked element is inventory and documentation.
The K–12 environment is dynamic and demanding, said Duane Shaffer, director of technology service at the Learning Technology Center. “Emergencies are a huge part of technology documentation. That way, you know what you have, where it is and how to access it,” Muckensturm added.
Nathan Miller, chief technology and information security officer for the Georgia Department of Education, echoed the importance of documentation in a later CoSN 2025 session Tuesday.
“If you’ve implemented any cybersecurity framework, you know there’s a heavy emphasis on inventory,” he said. “Inventory is probably the least sexy, most mundane and irritating pieces, but it’s really important to know not just which products were affected but how those products were interconnected.”
RELATED: K–12 schools use asset-tracking technology to save money and reduce risk.
And when it comes to inventory, you will never be done, Muckensturm said. “When you have new equipment come in or you take equipment out, documentation has to constantly be updated.”
“Remember to do that after your E-Rate projects,” Shaffer advised. People spend all their E-Rate money, and they forget to map out areas with new wiring or equipment, he said.
When Agua Fria Union High School District experienced an attack, Director of Technology Brandon Gabel had only been in his role for about five months and hadn’t yet had the opportunity to do a full inventory. He and his team had recently trained on their cyber incident response plan, however.
Create and Practice a Cyber Incident Response Plan
Because everyone played their parts according to Agua Fria UHSD’s cyber incident response plan — and because the district’s endpoint detection and response technology stopped a lot of the criminal activity — all critical infrastructure was restored by 11:45 p.m., Gabel told CoSN 2025 attendees Wednesday.
Muckensturm also stressed the importance of practicing incident response plans. Moreover, he said, use AI to prompt cybersecurity tabletop simulations. “It does need to be written down for you, because when you’re panicked, you forget a lot of stuff,” he said. “You want to make sure you have something tangible that you can look at.”
In addition to having a practiced plan in place, Gabel’s district was additionally protected by technologies that the Arizona Department of Homeland Security provided, including CrowdStrike, Cisco Duo, Tanium and Infosec IQ solutions.