“In public education, and in K–12 education especially, we are entrusted to be stewards of student data. We have a responsibility to protect and hold close the data that our students generate as part of their educational environment,” Bourgeois says. “We have a responsibility back to our community to keep students safe and keep their data safe. One of the biggest benefits our community provides to us is the funding to serve our students.”
Changing the culture around cybersecurity within a district can improve the public’s perception of the school and its leaders. When school leaders work to make their staff aware of cybersecurity’s importance, they can achieve a better sense of security for the entire community.
“Every incident that happens starts with a person,” Armstrong says. “Somebody had to send it. Somebody had to click on it. Somebody had to execute it. It all comes back to a person.”
“When we talk about security, this is the most undervalued aspect in K–12. Yet, name one thing you can do without a piece of technology,” he adds. “It touches every aspect of what we do, and if it went down, how long before your school could recover?”
Tackle K–12 Phishing Scams with Staff Training and Awareness
Like St. Vrain, Virginia’s Chesterfield County Public Schools is acutely aware of the role human error plays in K–12 cybersecurity.
“Security awareness training seems like a compliance activity, but it can be the training of your elite soldier force that will stop a phishing attack. Phishing is probably the No. 1 attack vector for schools right now,” says Tim Tillman, CTO at CCPS.
He explains that educators may be more susceptible to phishing scams because they are inherently helpful and therefore fall victim to phishing emails that ask for help.
“If you start training employees to be suspicious, if you start empowering them and giving them agency over things that they do on their computers, they will feel much more confident to inform you of problems,” Tillman says. This was one of the changes he made when he took the CTO position at CCPS. He also hired a full-time cybersecurity analyst for the district.
“We do recognize that we have gaps and that we have weaknesses. We are trying to change the culture,” he says. “We’re trying to educate people.”