Privacy & Security

3 Superintendents Share Cybersecurity Best Practices

By Lauraine Langreo — January 10, 2024 3 min read
Image of a red glowing caution sign over a dark field of data.
  • Save to favorites
  • Print

Cybersecurity continues to be the No.1 technology concern for district technology leaders as schools have become much bigger targets for cyberattacks.

There have been 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks.

These incidents can cause major disruptions to teaching and learning and to administrative functions in a district. The attacks can also put sensitive data about students and employees at risk. In some cases, school districts have had to shut down schools for several days.

Given those consequences, it’s imperative for district leaders to understand why they need to make cybersecurity a priority.

In a Jan. 8 webinar hosted by the Consortium for School Networking and AASA, the School Superintendents Association, three superintendents shared their best practices for preventing and responding to cyberattacks. They are Peter Aiken of the Central York district in Pennsylvania, Gustavo Balderas of the Beaverton district in Oregon, and Mark Benigni of the Meriden district in Connecticut.

Here are their tips:

Develop a prevention and response plan

The three superintendents underscored the importance of having a plan that will help prevent or discourage cyberattacks, as well as a plan to respond to cyberattacks because they can happen to any district. (In fact, they all said their districts have been hit with some form of cyberattack).

When it comes to preventing attacks, the panelists said providing “continuous” cybersecurity training for students and staff is “critical.” Everyone who uses district technology should be trained on having good online habits so that they don’t click on the wrong links, fall for phishing attacks, or accidentally give out sensitive information that hackers can use to attack a district’s network.

See Also

Illustration of Internet network data computer laptop security shield and lock symbol.
DigitalVision Vectors/Getty
Privacy & Security 3 Ways Schools Can Reduce Cybersecurity Risks
Lauraine Langreo, January 25, 2023
4 min read

For staff, these trainings could be part of the annual training requirements that most districts have, Benigni said. They could also be part of the onboarding process for new staff members. For students, digital citizenship and online safety training could also be required.

A response plan should include how leaders are to notify the school or district community, as well as law-enforcement agencies, Benigni said.

It should also include mitigation and recovery strategies. For instance, when the Meriden school district had a few devices that were hit by a ransomware virus, Benigni said his district was prepared because they back up their devices regularly. They restored the devices from the latest cloud backup instead of paying the ransom.

Districts should have backup plans to ensure learning isn’t disrupted when technology is disabled because of a cyberattack, as well. Teachers should be “prepared to go old school” and make sure students are still learning, Balderas said.

Communicate the ‘why’ behind the plans

The three superintendents identified communication as being just as important as having a prevention and response plan. Part of the cybersecurity training for staff and students should include communicating why it’s important that a district secures its networks.

See Also

underground cyber security hologram with digital shield 3D rendering
iStock/Getty Images
Privacy & Security It Takes an Entire District to Prevent a Cyberattack: 5 Tips
Lauraine Langreo, February 15, 2023
3 min read

“I think the more available we can make ourselves and communicate the rhyme and reason, the why behind [the district’s cybersecurity practices],” the more likely people will buy into them, Aiken said.

How a district leader reacts and communicates with the community—students, staff, parents, local media—after a cyberattack is also critical because it could affect the district’s credibility and reputation, Balderas said.

“Make sure you react quickly with all the information you can share and be very resolved in terms of what you’re going to do to deter [attacks] in the future,” he said.

District leaders across the country should make it a priority to share best practices with one another, too, the panelists said.

“I think it’s important we learn from one another because most school systems are not going to have their own cybersecurity division to take action on these issues,” Benigni said.


Jobs Virtual Career Fair for Teachers and K-12 Staff
Find teaching jobs and other jobs in K-12 education at the EdWeek Top School Jobs virtual career fair.
English-Language Learners Webinar English Learners and the Science of Reading: What Works in the Classroom
ELs & emergent bilinguals deserve the best reading instruction! The Reading League & NCEL join forces on best practices. Learn more in our webinar with both organizations.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Teaching Webinar
Challenging the Stigma: Emotions and STEM
STEM isn't just equations and logic. Join this webinar and discover how emotions fuel innovation, creativity, & problem-solving in STEM!
Content provided by Project Lead The Way

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security A Massive Data Leak Exposed School Lockdown Plans. What Districts Need to Know
More than 4 million records held by school safety software company Raptor Technologies were left inadvertently exposed online.
5 min read
Concept image of security breach, system hacked alert with red broken padlock icon showing vulnerable access.
Nicolas Herrbach/iStock/Getty
Privacy & Security As Cyberattacks Mount, Lawmakers Double Their Efforts to Protect Schools
But the legislative push is not matched by funds to build better cyber defenses.
2 min read
Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus
Privacy & Security Saturn Is a New App for High Schoolers. Here’s Why It Has Educators Concerned
Saturn is billed as a time-management app, but experts see potential privacy concerns in allowing it broad access to students' schedules.
6 min read
Image of a clock, calendar, and a pencil.
Privacy & Security Q&A AI Is Making Data Literacy a 'Survival Skill' That Schools Must Teach, Experts Argue
A new survey found that more than two-thirds of U.S. adults don't understand how their data is being used.
4 min read
Illustration of individual carrying binary data on his back to put back into the organized background of 1s and 0s.
iStock/Getty Images Plus