K‑12 cybersecurity risks remain historically high. An independent study by SOPHOS found that 47% of educational institutions reported an increase in the volume of cyberattacks. Many schools and districts across the U.S. already fell victim to these attacks, and some suffered severe operational disruptions, loss of personal data, and costly efforts to recover their data.
What can educational technology leaders do to protect their institutions from cyberattacks? We recently held a webinar to discuss top tips for K‑12 cybersecurity with LINQ’s resident expert: Chief Information Security Officer Tim Chadwick.
Sensitive student, staff, and family data offers hackers a valuable objective, yet many educational institutions unknowingly let their guard down as technology use rapidly increased over the last several years. Cybercriminals know this, and they’ve stepped up their efforts.
K‑12 cybersecurity has never been more important than it is right now
As educational institutions struggled to maintain operations using a wide range of both free and paid software products throughout disruptions caused by the pandemic, cybersecurity measures weren’t always prioritized. Now, many K‑12 tech leaders realize they need to catch up. Cybercriminals know the vulnerabilities, and they’re exploiting soft spots to access valuable and sensitive information—including financial, personal identification, and health data.
We asked Chadwick for actionable cybersecurity measures K‑12 schools and districts can take now to lock down their data. He served up helpful real-world tips for improving security practices and strengthening the entire data infrastructure. In many cases, implementing best practices with the tools you already have can help secure sensitive data. Chadwick also advises prioritizing cybersecurity investments to protect information today and into the future as threats evolve.
In this blog post, we’ll look at key takeaways from the webinar. For the full discussion and additional tips, check out the webinar on demand.
Top 3 K‑12 cybersecurity takeaways tech leaders need to know
Takeaway 1: Ransomware is a significant threat to school districts, regardless of their size
Cybersecurity increasingly matters for school districts as ransomware attacks continue to rise. Chadwick says taking ransomware seriously means stepping up cybersecurity measures, like implementing best practices training and updating technology.
Chadwick says, “It’s not a matter of if this is going to happen, it’s a matter of when.” Strong defenses are vital, and it’s also important to establish an action plan in the event of an attack or attempted phish. “If it hasn’t affected your school district yet, you’re on the list—they will get to you. It’s just a matter of being prepared, having things in place, and trying to mitigate the damage that can be done or to stop it before it happens.”
He also emphasizes that the size of the district doesn’t necessarily determine the likelihood of an attack. “We’re hearing from all different sizes … they’re not focusing on one specific school district.” Attacks often go to many districts at once regardless of size, location, or any other factor. Large, mid-sized, and small districts all get caught in the net.
Cybersecurity persists as a core concern for technology leaders at K‑12 districts of all sizes.
Takeaway 2: Districts need to invest in cybersecurity and identify ways to minimize exposure to risk
As ransomware attacks on schools and districts increase, educational institutions can protect themselves to reduce their vulnerability. This could mean eliminating unnecessary apps that house sensitive data and tightening system access authorizations.
Chadwick emphasizes the importance of documenting countermeasures and assessing the risks of not investing in cybersecurity. Clearly laying out what’s being done and what would improve data security can help get leaders and decision makers onboard with additional cybersecurity investments.
Chadwick also suggests that school and district technology leaders should work with vendors to ensure strong security controls. “Make sure that they have things buttoned up, as well,” he says. “You can call on those technology providers to put in place some strong security controls as well.” Strong partnerships with software providers form a key component to holistic cybersecurity—after all, any system is only as secure as its weakest link.
Takeaway 3: Using AI, such as ChatGPT, in school districts can bring additional cybersecurity risks
While AI can offer many benefits to schools and districts, it can also complicate potential cybersecurity risks. Chadwick discussed the importance of being mindful of what information is being input into AI systems like ChatGPT, as it can be added to their knowledge base and potentially accessed by others.
According to Chadwick, cybersecurity can depend on what users at your school or district input into AI tools. “If you’re putting personally identifiable information in there, you’ve now added it to the AI platform’s knowledge base or what it can use to actually answer future questions.” That’s important to keep in mind, and it’s a consideration that needs to be at the heart of school and district cybersecurity practices.
It’s time to lock down your K‑12 data with an effective cybersecurity strategy
Ransomware is a growing concern for K‑12 districts, with attacks increasing in frequency and size. However, many districts are underinvesting in cybersecurity, with some spending less than 1% of their IT budget on security measures to protect sensitive student, staff, and family data.
Districts should honestly assess the risks of not investing in cybersecurity and present this information to administrators and district leaders to gain support for increased investment. Shrinking risk by managing the tech stack and ensuring vendors have strong security controls in place is crucial. Additionally, AI can pose privacy risks if personally identifiable information is entered into it.
Locking down your data these days means more than installing all software updates and using strong passwords. Protecting student, staff, family, and critical operational data depends on a holistic, modern approach to cybersecurity. A combination of best practices, data infrastructure investment, and risk reduction can help ensure a brighter, more secure future for your school or district.
Get more tips for improving your cybersecurity by watching the full webinar on-demand now.