Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecurityEducation: K-12

How K-12 cybersecurity leaders can protect their schools this fall

By Randy Watkins
K-12 cybersecurity

Image from Unsplash

October 4, 2022

The start of the school year was anything but smooth for the Los Angeles Unified School District (LAUSD), the nation’s second-largest school district, as cyberattacks all but caused a virtual snow day for students. It's no surprise though, as remote and hybrid learning environments have been widely implemented, putting the cyber security teams of these learning institutions on high alert.

During the heart of the pandemic, school districts, eager to lay an equal playing field for students regardless of their means, handed out tablets, laptops and Wi-Fi hotspots so every child could participate in remote learning. While quite necessary in the effort that no child gets left behind, each of these devices was potentially a back door into a district’s IT networks.

Once online, K-12 networks became attractive to hackers and cybercriminals because they contain large volumes of personally identifiable information (PII) on students, teachers, administrators, staff and parents. Everything from digital grade books to direct deposit pay instructions, vendor accounts and more — all attractive targets for a bad actor — are stored on networks and accessed by users with limited understandings of cybersecurity. Hackers also know that schools are more likely to pay a ransom than enterprise institutions due to their funding and the need to stay online.

Several factors have led to this shaky security infrastructure, the biggest of which is chronic underfunding for most school districts. Research conducted by Morning Consult for IBM in October 2020 found that 54% of educators and administrators said that budget was a large or medium barrier in strengthening their institution’s cybersecurity position.

The lack of resources to invest in cybersecurity manifests itself across all levels:

  • Students are often assigned older devices that are easier targets for hackers.
  • Educators are subject matter and child development experts; they are not IT professionals
  • Administrators, while stating they felt it was their responsibility to prevent an attack, were only 20% more likely to have received any cybersecurity training than educators, according to the Morning Consult/IBM research.
  • District IT professionals are stretched thin, which makes it challenging for districts to attract the best IT talent with their limited budgets.

In addition, 59% of teachers and administrators told Morning Consult/IBM they were using their personal devices for remote learning, which leaves district IT teams with little visibility into the security of those devices or other networks they connected to.

While districts across the country are supporting in-person learning for the 2022-23 school year, cybersecurity should remain a priority. Even in the wake of limited funds, there are effective and cost-efficient steps district IT professionals, administrators and teachers can take.

Teach and enforce cyber hygiene

Personal hygiene is part of many middle and high school programs, and in this digital age knowing how to keep school devices and networks clean and safe is just as important. All students need to understand why the data stored on the school network is important and should be protected. They also need to be taught cybersecurity policies and how to adhere to them.

For older children, cybersecurity education should include the types of attacks such as malware, ransomware, phishing, etc. and how to identify them. For younger children, who could be more likely to fall victim to phishing or deceptive scams, user-based controls can limit the applications and sites that students can access.

Invest strategically

When possible, districts should invest the limited resources they have in controls that will prevent attacks. With many attackers targeting users to compromise their credentials, implementing multi-factor authentication (MFA) for all users with access to PII will limit an attacker’s ability to steal data. Additionally, schools should build out their vulnerability management and patching programs to prevent attackers from using exploits that have already been identified and patched by manufacturers. Lastly, with email still being a chief attack vector, investments in an email protection tool that identifies and prevents targeted attacks beyond spam may make a difference in the outbreak of opportunistic attacks and spear phishing emails.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has several resources that can advise on areas like training, best (and bad) practices and services that districts can tap into. Another excellent resource for administrators and IT professionals is SchoolSafety.gov, a joint effort between several U.S. agencies, including the Department of Education and the Department of Homeland Security.

Monitor the network 

While the first two recommendations are a starting point, monitoring network endpoints for suspicious activity, malware and other threats is crucial. The volume of these alerts, however, can be overwhelming, and it can be difficult for small IT teams to triage which ones are vital to address. Some districts have found it helpful to automate monitoring or outsource it to a third party that offers managed detection and response (MDR) services.

With the expanded attack surface and a treasure trove of valuable information, it’s likely school districts and higher education will remain targets of interest for adversaries. Investments in cybersecurity will be necessary to stave off attacks, but implementing cybersecurity education and training across students and faculty can also play a preventative role in safeguarding the education of future generations.

KEYWORDS: cyber attack cyber hygiene cyber security education K12 security network monitoring school security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Randy Watkins is CTO at Critical Start.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • School student learns on laptop

    7 ways K-12 cybersecurity leaders can secure school data

    See More
  • k12 student

    K-12 students can help reduce cyberattacks in their districts

    See More
  • paying with digital systems

    How retailers can better protect their networks from ransomware

    See More

Events

View AllSubmit An Event
  • May 22, 2025

    Proactive Crisis Communication

    ON DEMAND: Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing