Cybersecurity continues to be the No.1 technology concern for district technology leaders as schools have become much bigger targets for cyberattacks.
There have been 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks.
These incidents can cause major disruptions to teaching and learning and to administrative functions in a district. The attacks can also put sensitive data about students and employees at risk. In some cases, school districts have had to shut down schools for several days.
Given those consequences, it’s imperative for district leaders to understand why they need to make cybersecurity a priority.
In a Jan. 8 webinar hosted by the Consortium for School Networking and AASA, the School Superintendents Association, three superintendents shared their best practices for preventing and responding to cyberattacks. They are Peter Aiken of the Central York district in Pennsylvania, Gustavo Balderas of the Beaverton district in Oregon, and Mark Benigni of the Meriden district in Connecticut.
Here are their tips:
Develop a prevention and response plan
The three superintendents underscored the importance of having a plan that will help prevent or discourage cyberattacks, as well as a plan to respond to cyberattacks because they can happen to any district. (In fact, they all said their districts have been hit with some form of cyberattack).
When it comes to preventing attacks, the panelists said providing “continuous” cybersecurity training for students and staff is “critical.” Everyone who uses district technology should be trained on having good online habits so that they don’t click on the wrong links, fall for phishing attacks, or accidentally give out sensitive information that hackers can use to attack a district’s network.
For staff, these trainings could be part of the annual training requirements that most districts have, Benigni said. They could also be part of the onboarding process for new staff members. For students, digital citizenship and online safety training could also be required.
A response plan should include how leaders are to notify the school or district community, as well as law-enforcement agencies, Benigni said.
It should also include mitigation and recovery strategies. For instance, when the Meriden school district had a few devices that were hit by a ransomware virus, Benigni said his district was prepared because they back up their devices regularly. They restored the devices from the latest cloud backup instead of paying the ransom.
Districts should have backup plans to ensure learning isn’t disrupted when technology is disabled because of a cyberattack, as well. Teachers should be “prepared to go old school” and make sure students are still learning, Balderas said.
Communicate the ‘why’ behind the plans
The three superintendents identified communication as being just as important as having a prevention and response plan. Part of the cybersecurity training for staff and students should include communicating why it’s important that a district secures its networks.
“I think the more available we can make ourselves and communicate the rhyme and reason, the why behind [the district’s cybersecurity practices],” the more likely people will buy into them, Aiken said.
How a district leader reacts and communicates with the community—students, staff, parents, local media—after a cyberattack is also critical because it could affect the district’s credibility and reputation, Balderas said.
“Make sure you react quickly with all the information you can share and be very resolved in terms of what you’re going to do to deter [attacks] in the future,” he said.
District leaders across the country should make it a priority to share best practices with one another, too, the panelists said.
“I think it’s important we learn from one another because most school systems are not going to have their own cybersecurity division to take action on these issues,” Benigni said.
