Jul 01 2020

Make the Case for Security Spending

Many priorities compete for limited IT budget. Improving communication between IT and school leaders can help ensure security gets what it needs.

With the nationwide shift to full-scale remote learning, cybersecurity is critical to keeping virtual classrooms up and running. But in the face of ever-present budget constraints, many schools and districts struggle to allocate adequate funding to security initiatives.

Recent research from CDW and IDG indicates that education leaders expect to devote just 20 percent of their IT budgets to risk mitigation over the next two years. Other priorities — such as modernizing IT, improving collaboration and transforming user experiences — are expected to get bigger slices of the pie.

Lower security spending could be a sign that IT leaders and administrators aren’t aligned on their school or district’s risk posture, particularly when it comes to the effectiveness of current security solutions. A lack of breaches is often taken as a sign that defenses are up to snuff. In reality, K–12 systems must tackle a never-ending barrage of both known and unknown phishing, distributed denial of service and ransomware attacks that require IT teams to continuously refine their security approaches and capabilities.

Uniting all stakeholders around a common understanding of the K–12 threat landscape — as well as the school or district’s specific needs, goals and challenges — is critical to mitigating risk. But even that discussion won’t have much of an impact if school leadership doesn’t also take the time to break through outmoded silos that place cybersecurity in one bucket and learning goals in another.

A Smarter Take on Security

A clear takeaway from recent K–12 cyberattacks: They have wide-reaching consequences, from taking down district payroll systems to interrupting instruction. Cybersecurity’s influence over schools and districts must be just as pervasive.

In a comprehensive security strategy, the responsibility for safeguarding systems and data extends beyond the IT department to everyone in the organization, from students and teachers up through the highest levels leadership. Even vendors play a role.

Of course, the organization’s processes and technologies must also come together to ensure that the prevention, detection and remediation of threats is as effective as possible, but no security measure exists in a vacuum. Comprehensive security instead looks at risk mitigation in the context of schools’ wider mission — enabling student success — making it even more important that educators and administrators take part in the security discussion.

More On