“Unless you know where you are, it’s very difficult to have a path forward and end up where you want to be,” he said.
The Cybersecurity Coalition for Education developed its Cybersecurity Rubic as a K–12 interpretation of the National Institute of Standards and Technology’s standard and other cybersecurity and privacy standards. This 1 to 5 scale tells districts whether their cybersecurity posture is reactive and unprepared or proactive and resilient. Once your posture is defined, the next step is prioritization.
“The next part is to identify where your areas of improvement and gaps are,” Ashley said. “Then, you have to make well-informed decisions on what the next steps are, because how you add your protections in the right order is how you’re going to get the biggest bang for your buck and decrease your attack surface.”
He warned attendees against what he called “random acts of cybersecurity” — creating a reactive, piecemeal cybersecurity defense without a cohesive strategy. Instead, he urged leaders to focus first on essentials: a firewall, backup and recovery solutions, multifactor authentication, endpoint protection, and a practiced incident response plan.
Ashley also noted that some of the most impactful changes are rooted in policies, not products. He told a story about how an email spoofing incident once cost him his paycheck.
DISCOVER: A clear roadmap can help districts build cybersecurity maturity.
“As soon as I heard how that happened, I was able to make some really simple changes,” he said. “Some of these protections we’re talking about don’t cost dollar signs. What it took to fix this situation was procedures, policies and guidelines.”
A Rubric-Driven Approach to Vetting Digital Resources
This strategic mindset around tool adoption, as well as the policies and procedures that define them, can extend to how districts adopt other ed tech tools. Martha Barwick, supervisor of innovation in learning for Harford County Public Schools, and Andrea Harthausen, learning management system specialist, explained their district’s framework for assessing and adopting digital resources.
In the past, Barwick said, digital tools were cataloged in a spreadsheet, with a team of two using their judgment to determine whether something would be approved for use. Today, that process looks a little different.
“Now we have a digital resource committee that has representatives on it from every content area,” she said. “We have a rubric that is based on 1EdTech. We had a representative from the state of Maryland come in to talk to us and train us on how we look at a Voluntary Product Accessibility Template, how we evaluate it and how we test the actual digital resource. We have a formal vendor letter, we have a disclosure form, and now we are kicking off an official AI evaluation.”
Click the banner below to get weekly insights sent to your inbox.
